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Introduction 



In This Welcome to the HP StorageWorks Enterprise File Services WAN Accelerator 

Introduction Command-Line Interface Reference Manual. Read this introduction for an 

overview of the information provided in this guide and for an understanding 
of the documentation conventions used throughout. This introduction 
contains the following sections: 

♦ "About This Guide," next 

♦ "Hardware and Software Dependencies" on page 12 

♦ "Ethernet Network Compatibility" on page 12 

♦ "Antivirus Compatibility" on page 12 

♦ "Additional Resources" on page 13 

♦ "Contacting HP" on page 14 



About This Guide 

The HP StorageWorks Enterprise File Services WAN Accelerator Command-Line 
Interface Reference Manual is a reference manual for the HP EFS WAN 
Accelerator Command-Line Interface (CLI) for the HP EFS WAN Accelerator. 
This manual lists commands, syntax, parameters, and example usage. 



Types of Users This guide is written for storage and network administrators with familiarity 

administering and managing networks using Common Internet File System 
(CIFS), Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), 
and Microsoft Exchange. 



Organization of 
This Guide 



The HP StorageWorks Enterprise File Services WAN Accelerator Command-Line 
Interface Reference Manual includes the following chapters: 

♦ Chapter 1, "Using the Command-Line Interface," describes how to 
connect and use the HP EFS WAN Accelerator Command-Line Interface. 

♦ Chapter 2, "User-Mode Commands," provides a reference for user-mode 
commands. 
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♦ Chapter 3, "Enable-Mode Commands," provides a reference for 
privileged-mode commands. 

♦ Chapter 4, "Configuration-Mode Commands," provides a reference for 
configuration-mode commands. 

♦ Appendix A, "Configuring WCCP," describes how to configure the HP 
EFS WAN Accelerator for the Web Cache Communication Protocol 
(WCCP). It also includes instructions for configuring the WCCP router. 

♦ Appendix B, "Configuring PBR," describes how to configure the HP EFS 
WAN Accelerator for Policy-Based Routing (PBR). It also includes 
instructions for configuring the PBR router. 

♦ Appendix C, "Configuring RADIUS and TACACS Servers," describes 
how to configure Remote Authentication Dial-In User Service (RADIUS) 
or Terminal Access Controller Access Control System (TACACS) servers 
for the HP EFS WAN Accelerator. 

♦ Appendix D, "HP EFS WAN Accelerator Ports/'provides a list of default 
ports, and interactive and secure ports automatically forwarded by the 
HP EFS WAN Accelerator. 

A glossary of terms follows the chapters, and a comprehensive index directs 
you to areas of particular interest. 



Document This manual uses the following standard set of typographical conventions to 

Conventions introduce new terms, illustrate screen displays, describe command syntax, 

and so forth. 



Convention 


Meaning 


italics 


Within text, new terms and emphasized words appear in 




italics. 


boldface 


Within text, commands, keywords, identifiers (names of 




classes, objects, constants, events, functions, program 




variables), environment variables, filenames, Graphical User 




Interface (GUI) controls, and other similar terms appear in 




boldface. 
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Convention 


Meaning 


Courier 


Information displayed on your terminal screen and 




information that you are instructed to enter appear in a 




Courier typeface. 


KEYSTROKE 


Keys that you are to press appear in uppercase letters in 




Helvetica font. 


< > 


vviTRin syntax Qescripnons, values inaT you speory appear m 




angle brackets. For example: 




interface <ipaddress> 


r l 
L J 


VV1L1UX1 byllLdA Lie&CIlU L1UIL&, UUllUIlctl Rcy WUIUa UI V dlldUlcb 




appear in brackets. For example: 




ntp peer <addr> [version <number>] 


1} 


Within syntax descriptions, required keywords or variables 




appear in braces. For example: 




{delete <filename> | upload <filename>} 



Within syntax descriptions, the pipe symbol represents a 
choice to select one keyword or variable to the left or right of 
the symbol. (The keyword or variable can be either optional 
or required.) For example: 
{delete <filename> | upload <filename>j 
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Hardware and Software Dependencies 



The following table summarizes the hardware, software, and operating 
system requirements for the HP EFS WAN Accelerator CLI. 



HP EFS WAN Accelerator 
Component 


Hardware Requirements 


Software Requirements 
Operating System Requirements 


HP EFS WAN Accelerator 
Command-Line Interface 


• An ASCII terminal or 
emulator that can connect to 
the serial console (9600 baud, 
8 bits, no parity, 1 stop bit, 
and no flow control). 

or 

• A computer with a Secure 
Shell (ssh) client that is 
connected by an IP network 
to the HP EFS WAN 
Accelerator Primary 
interface. 


• Secure Shell (ssh). Free ssh clients include 
PuTTY for Windows computers, OpenSSH 
for many Unix and Unix-like operating 
systems, and Cygwin. 



Ethernet Network Compatibility 

The HP EFS WAN Accelerator supports the following types of Ethernet 
networks: 

♦ Fast Ethernet (IEEE 802.3u 100 BaseTX) 

♦ Gigabit Ethernet over Copper (IEEE 802.3ab 1000 Base-T) 

In-path HP EFS WAN Accelerator appliance ports are Fast Ethernet, Ethernet 
auto-sensing. 

The primary port in the HP EFS WAN Accelerator is 10/100/1000 Mbps auto- 
sensing. The HP EFS WAN Accelerator supports Jumbo Frames. 

The HP EFS WAN Accelerator supports VLAN 802.1q. It does not support the 
Cisco InterSwitch Link (ISL) protocol. 



Antivirus Compatibility 

The HP EFS WAN Accelerator has been tested with the following antivirus 
software with no impact on performance: 

♦ Network Associates (McAfee) VirusScan 7.0.0 Enterprise on the server 

♦ Network Associates (McAfee) VirusScan 7.1.0 Enterprise on the server 

♦ Network Associates (McAfee) VirusScan 7.1.0 Enterprise on the client 

♦ Symantec (Norton) Antivirus Corporate Edition 8.1 on the server 



12 



Introduction 



The HP EFS WAN Accelerator has been tested with the following antivirus 
software with a noticeable to moderate impact on performance: 

♦ F-Secure Anti- Virus 5.43 on the client 

♦ F-Secure Anti- Virus 5.5 on the server 

♦ Network Associates (McAfee) NetShield 4.5 on the server 

♦ Network Associates VirusScan 4.5 for multiplatforms on the client 

♦ Symantec (Norton) Antivirus Corporate Edition 8.1 on the client 



Additional Resources 

This section describes the following resources that supplement the 
information in this guide: 

♦ Release notes 

♦ Related HP documentation 

♦ Related technical reference books 

You can access the complete document set for the HP EFS WAN Accelerator 
from the HP StorageWorks EFS WAN Accelerator Documentation Set CD-ROM: 

♦ HP StorageWorks Enterprise File Services WAN Accelerator Installation and 
Configuration Guide describes how to install and configure the HP EFS 
WAN Accelerator. 

♦ HP StorageWorks Enterprise File Services WAN Accelerator Management 
Console User's Guide describes how to use the HP EFS WAN Accelerator 
Mangement Console to administer and monitor your HP system. 

♦ HP StorageWorks Enterprise File Services WAN Accelerator Manager User's 
Guide describes how to install, configure, and administer a network made 
up of multiple HP EFS WAN Accelerators using the HP StorageWorks 
Enterprise File Services WAN Accelerator Manager. 

The HP EFS WAN Accelerator documentation set is periodically updated with 
new information. To access the most current version of the HP EFS WAN 
Accelerator documentation and other technical information, consult the HP 
support site located at http://www.hp.com. 

To learn more about network storage systems and network administration, 
consult the following books: 

♦ Microsoft Windows 2000 Server Administrator's Companion by Charlie 
Russell and Sharon Crawford (Microsoft Press, January 2000) 

♦ Common Internet File System (CIFS) Technical Reference by Storage 
Networking Industry Association (Storage Networking Industry 
Association, 2002) 
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Related HP 
Documentation 



Online 

Documentation 



Related 
Reading 



♦ TCP/IP Illustrated, Volume I, The Protocols by W. R. Stevens (Addison- 
Wesley, 1994) 

♦ Internet Routing Architectures (2nd Edition) by Bassam Halabi (Cisco Press, 
2000) 



Contacting HP 

This section describes how to contact HP. 



NOTE: Do not load any other software on your HP Storage Works EFS WAN 
Accelerator, as doing so will void your support agreement and you will not be 
able to receive HP technical support. 



Technical Telephone numbers for worldwide technical support are listed on the 

SlJDDOrt following HP web site: http://www.hp.com/support . From this web site, select 

the country of origin. For example, the North American technical support 

number is 800-633-3600. 



NOTE: For continuous quality improvement, calls may be recorded or monitored. 



Be sure to have the following information available before calling: 

♦ Technical support registration number (if applicable) 

♦ Product serial numbers 

♦ Product model names and numbers 

♦ Applicable error messages 

♦ Operating system type and revision level 

♦ Detailed, specific questions 



HP Storage Web Site 

The HP web site has the latest information on this product, as well as the latest 
drivers. Access the storage site at: http:/ /www.hp.com/ country/ us/eng/ 
prodserv/storage.html . From this web site, select the appropriate product or 
solution. 
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HP NAS Services Web Site 

The HP NAS Services site allows you to choose from convenient HP Care Pack 
Services packages or implement a custom support solution delivered by HP 
ProLiant Storage Server specialists and /or our certified service partners. For 
more information see us at http:/ / www.hp.com/hps/storage/ns nas.html . 
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16 Introduction 



CHAPTER 1 Using the Command-Line 

Interface 



IS 
z 

a 

> § 



In This Chapter This chapter describes how to access and use the HP EFS WAN Accelerator 

command-line interface (CLI). This chapter includes the following sections: 

♦ "Connecting to the Command-Line Interface," next 

♦ "Overview of the Command-Line Interface" on page 18 

♦ "Entering Commands" on page 19 

♦ "Accessing Online Help" on page 19 

♦ "Error Messages" on page 20 

♦ "Command Negation" on page 20 

♦ "Saving Configuration Changes" on page 20 



Connecting to the Command-Line Interface 

This section assumes you have already performed the initial setup of the HP 
EFS WAN Accelerator using the configuration wizard. 

To connect the CLI 1. You can connect to the CLI using one of the following options: 

♦ An ASCII terminal or emulator that can connect to the serial console. It 
must have the following settings: 9600 baud, 8 bits, no parity, 1 stop bit, 
and no flow control. 

♦ A computer with a Secure Shell (ssh) client that is connected to the HP 
EFS WAN Accelerator Primary port (in some cases, you might connect 
through the Auxiliary port). 



HP EFS WAN Accelerator Command-Line Interface Reference Manual 



17 



2. At the system prompt, enter the following command: 

ssh admin@host . domain 
or 

ssh admin@ ipaddress 

3. You are prompted for the administrator password. This is the password 
you set during the initial configuration process. (The default password is 
password.) 

You can also log in as a monitor user (monitor) . Monitor users cannot make 
configuration changes to the system. Monitor users can view connected HP 
EFS WAN Accelerators, and performance and system reports. 



Overview of the Command-Line Interface 

The HP EFS WAN Accelerator CLI is divided into the following modes: 

♦ User. When you start a CLI session, you begin in the default, user-mode. 
From the user-mode you can run common network tests such as ping. 
You do not enter a command to enter this mode. To exit this mode, enter 
exit at the command line. 

♦ Enable. To access all commands, you must enter enable-mode. From 
enable-mode, you can enter any enable command or enter configuration 
mode. You must be an administrator user to enter enable-mode. 



NOTE: You cannot enter enable-mode if you are a monitor user. For detailed 
information about administrator and monitor users, see the HP StomgeWorks Enterprise 
File Services WAN Accelerator Management Console User's Guide. 



♦ Configuration. Using the configuration-mode, you can make changes to 
the running configuration. If you save the configuration, these commands 
are stored when the system reboots. To enter configuration-mode, you 
must first be in enable-mode. To exit this mode, enter exit at the command 
line. 



1 Using the Command-Line Interface 



The commands available to you depend on which mode you are in. Entering 
a question mark (?) at the system prompt provides a list of commands for each 
command mode. 


Mode 


Access Method 


System Prompt 


Exit Method 


Description 


user 


Each CLI session 
begins in user mode. 


host > 


exit 


• Perform common 
network tests such as 
ping. 


enable 


Enter the enable 
command at the 
system prompt while 
in user mode. 


host* 


disable 

no enable 

Note: To exit the 
system, enter the 
exit command. 


• Restart and reboot 

LI LC OVSLC11L. 

• Display system 
information. 

• Verify configuration 
information. 


configuration 


Enter the configure 
terminal command at 
the system prompt 
while in privileged 
mode. 


host (config) # 


exit 


• Configure system 
parameters. 



Entering Commands 

The CLI accepts abbreviations for commands. The following example is the 
abbreviation for the configure terminal command: 

tilden (config) # configure t 
You can also press TAB to complete a CLI command automatically. 



Accessing Online Help 

At the system prompt, type the full or partial command string followed by a 
question mark (?). The CLI displays the command keywords or parameters for 
the command, and a short description. 

To access online help • At the system prompt enter the following command: 

tilden (config) # show ? 

The CLI does not display the question mark. 
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Error Messages 



If at any time the system does not recognize the command or parameter, it 
displays the following message: 

tilden (config) # logging files enable 
% Unrecognized command "enable". 
Type "logging files ?" for help. 

If a command is incomplete, the following message is displayed: 

tilden (config) # logging 
% Incomplete command. 
Type "logging ?" for help. 



Command Negation 

You can type the no command before many of the commands to negate the 
syntax. Depending on the command or the parameters, command negation 
disables the command or returns the parameter to the default value. 



Saving Configuration Changes 

The show running config command displays the current configuration of the 
system. When you make a configuration change to the system, the change 
becomes part of the running configuration. 

The change does not automatically become part of the configuration file in 
memory until you write the file to memory. If you do not save your changes to 
memory, they are lost when the system restarts. 

To save all configuration changes to memory, you must enter the write 
memory command in privileged mode. 



1 Using the Command-Line Interface 



CHAPTER 2 



User-Mode Commands 



In This Chapter This chapter is a reference for user-mode commands. User-mode commands 

allow you to enter enable-mode and perform standard network monitoring 
utilities. 

This chapter describes the following user-mode commands: 

♦ "enable" on page 21 

♦ "exit" on page 21 

♦ "ping" on page 22 

♦ "tcpdump" on page 22 

♦ "tproxytrace" on page 23 

♦ "traceroute" on page 23 



enable 



Description Enters enable-mode. 
Syntax enable 
Parameters None 



Example 



minna > enable 
minna # 



exit 



Description Exits the CLI when in non-enable-mode; exits enable-mode when in enable- 
mode; exits configuration-mode when in configuration-mode. 



Syntax exit 
Parameters None 

Example minna (config) # exit 

minna # 
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ping 



Description 



Executes the HP EFS WAN Accelerator ping utility, to send ICMP 
ECHO_REQUEST packets to network hosts for troubleshooting. The HP EFS 
WAN Accelerator ping command takes the standard Linux options. For 
detailed information see the manual (man) page. 



For example, to check your connections: 

ping -I <appliance-IP-address> 
<pr imary-de fault -gat eway> 



Syntax ping [<options>] 

Parameters 



<options> The following options are supported: 

-L RUbdfnqrvVaA] 



-c count] 
-i interval] 
-w deadline] 
-p pattern] 
-s packetsize]. 
-t ttl] 

-I interface or address] For example: ping -I <primary-IP-address> 
<primary-default-gateway> 
-M mtu discovery hint] 
-S sndbuf] 

-T timestamp option] 
-Q tos] 

hopl ...]destination Specify intermediate hops. 



Example minna # ping minna 

PINGminna.domain.com (10.0.0.3) 56(84) bytes of data. 

64 bytes fromminna.domain.com (10.0.0.3): icmp_seq=l ttl=64 time=0.038 
ms 

64 bytes fromminna.domain.com (10.0.0.3): icmp_seq=2 ttl=64 time=0.024 
ms 



tcpdump 

Description Executes the tcpdump utility. The tcpdump command takes the standard 
Linux options. For detailed information, see the manual (man) page. 



TIP: You can write tcpdump to a file using the -w option so that you can analyze them. 



Syntax 



tcpdump [<options>] 



2 User-Mode Commands 



Parameters 



<options> The tcpdump command takes the standard Linux options. For 

detailed information see the manual (man) page. 



Example minna # tcpdump 

tcpdump: listening on primary 

18:59:13.682568 minna . domain . com. ssh > dhcp-22 . domain . com . 3277 : P 
3290808290:3290808342(52) ack 3412262693 win 5840 (DF) [dscp 0x10] 
18:59:13.692513 minna . domain . com. ssh > dhcp-22 . domain . com . 3277 : P 
0:52(52) ack 1 win 5840 (DF) [dscp 0x10] 

18:59:13.702482 minna . domain . com. ssh > dhcp-22 . domain . com . 3277 : P 
0:52(52) ack 1 win 5840 (DF) [dscp 0x10] 



tproxytrace 

Describes the HP EFS WAN Accelerator path in real time, 
tproxytrace [<options>] 



<options> The tproxytrace command takes the following options: 

-h (help). Print this help text. 

-i (iface). Use this interface to send probes on. 

-d (depth). Probe to this depth of proxies. 

-s (source). Use this source ip address for probes. 

-t (timeout). Milliseconds per depth to listen for probe responses. 



Example minna # tproxytrace 10.0.0.3:22 

Probe from 10.0.0.3 (primary) to 10.0.0.3:22 
depth 1 timed out 



Description 

Syntax 

Parameters 



traceroute 

Description Executes the traceroute utility. The traceroute command takes the standard 
Linux options. For detailed information see the manual (man) page. 

Syntax traceroute [<options>] 

Parameters 



<options> The traceroute command takes the standard Linux options. For 

detailed information see the manual (man) page. 
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Example minna # traceroute minna 

traceroute to minna.domain.com (10.0.0.3), 30 hops max, 38 byte packets 
1 minna (10.0.0.3) 0.035 ms 0.021 ms 0.013 ms 



2 User-Mode Commands 



Enable-Mode Commands 



In This Chapter This chapter is a reference for enable-mode commands. Enable-mode 

commands are commands that display process information. 

To enter enable-mode 1. Connect to the CLI. For detailed information, see "Connecting to the 

Command-Line Interface" on page 17. 

2. To enter enable-mode, at the system prompt enter: 
adeline> enable 

To exit enable-mode, enter exi t. For information about the exit command, 
"exit" on page 21. 

This chapter describes the following enable-mode commands: 



♦ 


"configure terminal" on page 27 


♦ 


"disable" on page 27 


♦ 


"file debug-dump" on page 27 


♦ 


"file stats" on page 28 


♦ 


"reload" on page 28 


♦ 


"restart" on page 29 


♦ 


"show arp" on page 29 


♦ 


"show authentication method" on page 29 


♦ 


"show bootvar" on page 30 


♦ 


"show cli" on page 30 


♦ 


"show clock" on page 30 


♦ 


"show configuration" on page 31 


♦ 


"show configuration files" on page 31 


♦ 


"show configuration full" on page 32 


♦ 


"show configuration running" on page 32 


♦ 


"show connections" on page 32 


♦ 


"show duplex" on page 33 
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♦ "show email" on page 33 

♦ "show failover" on page 33 

♦ "show files debug-dump" on page 34 

♦ "show files stats" on page 34 

♦ "show files tcpdump" on page 34 

♦ "show hosts" on page 34 

♦ "show images" on page 35 

♦ "show info" on page 35 

♦ "show in-path" on page 35 

♦ "show in-path rules" on page 36 

♦ "show interfaces" on page 36 

♦ "show ip" on page 37 

♦ "show licenses" on page 38 

♦ "show limit bandwidth" on page 38 

♦ "show log" on page 39 

♦ "show logging" on page 39 

♦ "show ntp" on page 40 

♦ "show out-of-path" on page 40 

♦ "show peers" on page 40 

♦ "show protocol cifs" on page 40 

♦ "show protocol mapi" on page 41 

♦ "show qos" on page 41 

♦ "show radius" on page 41 

♦ "show raid diagram" on page 41 

♦ "show raid error-msg" on page 42 

♦ "show running-config" on page 42 

♦ "show service" on page 42 

♦ "show service authentication" on page 42 

♦ "show snmp" on page 43 

♦ "show ssh server" on page 43 

♦ "show stats" on page 43 

♦ "show tacacs" on page 44 

♦ "show terminal" on page 44 

♦ "show usernames" on page 45 

♦ "show version" on page 45 

♦ "show web" on page 45 
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3 Enable-Mode Commands 



♦ "slogin" on page 46 

♦ "stats export" on page 46 

configure terminal 

Description Enables configuration from the terminal by entering the configuration 
subsystem. To exit the configuration subsystem, type exit. The no 
configure-command option disables the option. 

Syntax configure terminal 

Parameters None 

Example minna # configure terminal 

minna (config) # 



Description 

Syntax 

Parameters 
Example 



disable 

Exits privileged-mode, 
disable 

None 

minna # disable 
minna > 



Description 
Syntax 

Parameters 



file debug-dump 

Manipulates debug dump files. 

file debug-dump {delete <filename> | email <filename> | upload 
<filename> <URL>} 



Example 



delete <filename> 


Specifies 


the 


system 


dump 


file to 


delete. 


email <filename> 


Specifies 


the 


system 


dump 


file to 


email. 


upload <filename> <URL> 


Specifies 


the 


system 


dump 


file to 


upload. 



minna #file debug-dump delete sysdump-minna-20040302-234632 . tgz 
minna # 
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file stats 



Description Moves, deletes, or uploads HP EFS WAN Accelerator performance statistics 
in a comma separated value (CSV) file. You must export the performance 
statistics using the export stats command. 

Syntax file stats move <source filenamo <destination filenamo | 

delete <filename> | 
upload <filename> <URL> 

Parameters 



move <source filenamo 
<destination filenamo 



delete <filename> 



Specifies the source file to move and the destination 
file. The following performance statistics are available: 
CPU statistics, memory ultilization, memory paging, 
and bandwidth statistics. 

Specifies the statistics file to delete. 



upload <filename> <URL> 



Specifies the statistics file to upload and the destination 
in URL format. The URL format is: 
scp://login:password@host/path. 



Example 



minna # file stats delete cpu.csv 
minna # 



reload 

Description Reboots the HP EFS WAN Accelerator. If the clean option is specified, the 
data store is cleared before reboot occurs. 

Syntax reload clean [halt] | halt | force 

Parameters 



clean [halt] 


Clears the data store and reboots or shuts down the system. The 




reload clean halt command clears the data store and shuts down 




the system. 


halt 


Shuts down the system. 


force 


Clears the data store, then reboots or shuts down the system 



Example minna # reload 

The session will close. It takes about 2-3 minutes to reboot the 
appliance . 



3 Enable-Mode Commands 



restart 



Description Restarts the HP EFS WAN Accelerator service. If the clean option is specified, 
the data store is cleared before restart occurs. 

Syntax restart [clean] 

Parameters 



clean 



Empties the data store before rebooting the appliance. 



Example minna # restart 

Terminating the process.... 
Relaunching the process . 



show arp 

Description Displays the contents of the Address Resolution Protocol (ARP) cache. This 
contains all of the statically-configured ARP entries, as well as any that the 
system has picked up at dynamically. 

Syntax show arp [static] 

Parameters 



static 



Displays static ARP addresses. 



Example minna # show arp 

ARP cache contents 

IP 10.0.0.1 maps to MAC 00 : 07 : E9 : 7 0 : 2 0 : 15 
IP 10.0.0.2 maps to MAC 00 : 05 : 5D : 3 6 : CB : 29 
IP 10.0.100.22 maps to MAC 00 : 07 : E9 : 55 : 10 : 09 



show authentication method 

Description Displays the list of authentication methods used for log ins. 
Syntax show authentication method 

Parameters None 



Example 



minna # show authentication method 
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show bootvar 



Description Displays the software image that is booted upon the next reboot. 
Syntax show bootvar 

Parameters None 

Example minna # show bootvar 

Installed images: 
Partition 1: 

rbtsh/linux Columbia #1 2004-02-07 19:24:24 rootSreleng : CVS_TMS/HEAD 
Partition 2 : 

rbtsh/linux Columbia #2 2004-02-13 17:30:17 rootSreleng : CVS_TMS/HEAD 
Last boot partition: 1 
Next boot partition: 1 

show cli 

Description Displays current CLI settings. 
Syntax show cli 

Parameters None 

Example minna # show cli 

Current inactivity timeout is 15 minutes 

show clock 

Description Displays current date and time. 
Syntax show clock 



Parameters 
Example 



None 

minna # show clock 
Time: 19:31:43 
Date: 2003/12/22 
Zone: GMT-offset GMT 



3 Enable-Mode Commands 



show configuration 



Description Displays the current and saved configuration settings that differ from the 
default settings. 

Syntax show configuration 

Parameters None 

Example minna # show configuration 

## 

## Network interface configuration 
## 

no interface aux dhcp 
interface aux duplex "auto" 
no interface aux shutdown 
interface aux speed "auto" 

interface primary ip address 10.0.0.3 /16 
## 

## Routing configuration 
## 

ip default-gateway "10.0.0.1" 
## 

## Other IP configuration 
## 

hostname "minna" 

ip domain-list domain.com 

ip domain-list domain.com 

ip name-server 10.0.0.2 

## 

## Logging configuration 
## 

logging local "info" 
## 

## Process Manager configuration 
## 

pm process mgmtd launch timeout "4000" 
pm process sport shutdown order " 0 " 
pm process statsd shutdown order "0" 
## 

## Network management configuration 
## 

## Miscellaneous other settings 



show configuration files 

Description Displays current configuration files. 
Syntax show configuration files [<filename>] 

Parameters 



<filename> Specifies a particular configuration file. 



Example minna # 

initial 
initial 



show configuration files 
(active) 
bak 
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show configuration full 

Description Displays all configuration settings, including the default settings. 
Syntax show configuration full 

Parameters None 

Example minna # show configuration full 

## 

## Network interface configuration 
## (displays the full configuration) 

show configuration running 



Description 

Syntax 
Parameters 



Displays running configuration settings. The show configuration running 
full command displays all settings, including default settings. 

show configuration running [full] 



full 



Displays complete running configuration settings. 



Example minna # show configuration running 

## 

## Network interface configuration 
## (displays running configuration) 



Description 
Syntax 



show connections 

Displays connections running through the HP EFS WAN Accelerator, 
show connections 

sort | {source [ip | port]} | destination [ip | port] | 

filter [<ip> | <port>] | 

oop [sort [ip or port]] | filter [ip | port] 



Parameters 



sort 



Sorts results by IP address or port. 



source [ip | port] | destination [ip | port] Source specifies the client-side HP EFS 

WAN Accelerator. Destination specifies 
the server-side HP EFS WAN 
Accelerator. 



filter [<ip > | <port>] 



Filters results by IP address or port. 



oop [sort [ip | port] | filter [ip | port]] 



Displays out-of-path connections. Sorts 
or filters by IP address or port. 



3 Enable-Mode Commands 



Example 



minna # show connections sort source ip 
no connections 



show duplex 

Description Displays current duplex settings. 
Syntax show duplex 

Parameters None 

Example minna # show duplex 



show email 

Description Displays current email settings. 
Syntax show email 

Parameters None 

Example minna # show email 

Mail hub: 

Domain: domain.com (default) 
Event emails 
Enabled: yes 

No recipients configured. 
Failure emails 
Enabled: yes 

No recipients configured. 
Autosupport emails 
Enabled: yes 

Recipient : autosupportSautosupport . domain . com 
Mail hub: autosupport . domain. com 



show failover 

Description Displays current failover device settings. 
Syntax show failover 



Parameters 



Example 



None 



minna # show failover 
no 
yes 



Enabled : 
Master : 
Local Port: 
Buddy IP Address : 
Buddy Port : 
minna # 



7820 

0.0.0. 

7820 
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Description 

Syntax 
Parameters 

Example 

Description 

Syntax 
Parameters 

Example 

Description 

Syntax 

Parameters 
Example 

Description 

Syntax 

Parameters 



show files debug-dump 

Displays HP EFS WAN Accelerator performance statistics in a comma 
separated value format. 

show files debug-dump <filename> 



<filename> Specifies the filename. 



minna # show files debug-dump 
minna # 



show files stats 

Displays HP EFS WAN Accelerator performance statistics in a comma 
separated value format. 

show files stats <filename> 



<filename> Specifies the performance statistics filename. You must first export 
the performance statistics using the export stats command. 



minna # show files stats 
minna # 

show files tcpdump 

Displays files saved by the tcpdump utility, 
show files tcpdump 

None 

minna # show files tcpdump 
minna # 

show hosts 

Displays HP EFS WAN Accelerator system hosts. 

show hosts 

None 



3 Enable-Mode Commands 



Example minna # show hosts 

Hostname: minna 

Name server: 10.0.0.2 (configured) 
Domain name: domain.com (configured) 
Domain name: domain.com (configured) 
IP 127.0.0.1 maps to hostname localhost 
minna # 



show images 

Description Displays the available software images. 
Syntax show images 

Parameters None 

Example minna # show images 

Images available to be installed: 
webimage . tbz 

rbtsh/linux Vancouver #12 2004-07-15 11:54:52 rootSellis : CVS_TMS/HEAD 
image . img 

rbtsh/linux 1.0 #17 2004-04-29 16:39:32 rootSgilman : CVS_TMS/HEAD 
Installed images: 
Partition 1: 

rbtsh/linux f lamebox-HEAD-2004-07-15-07 : 19 : 19 #0 2004-07-15 07:19:19 
r o o t @ g i lman : C VS_TMS / HEAD 
Partition 2 : 

rbtsh/linux Vancouver #12 2004-07-15 11:54:52 rootSellis : CVS_TMS/HEAD 
Last boot partition: 2 
Next boot partition: 2 



show info 

Description Displays the system status, including the running state of the HP EFS WAN 
Accelerator. 



Syntax show info 

Parameters None 

Example minna # show info 

Status: Healthy 

Config: initial 

Appliance Up Time: 8d 21h 35m 50s 

Service Up Time: 18h 16m 40s 



Serial : 
Model : 
Version: 
minna # 



00E08128132B 
510 

Columbia . 1 



show in-path 

Description Displays current in-path configuration settings. 
Syntax show in-path 
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Parameters 
Example 



None 

minna # show in-path 

Enabled: yes 

Kickoff: no 

VLAN ID: 0 

Client-Side OOP: no 
minna # 



Description 

Syntax 

Parameters 
Example 



show in-path rules 

Displays current in-path rules and Virtual Local Area Network (VLAN) 
identification numbers. 



show in-path rules 

None 

Rule Type Source Addr Dest Addr 



1 fixd * * 
VLAN : 2 6 
def auto * * 
Pass Through Secure Ports : yes 
Pass Through Interactive Ports: yes 



Port Target Addr Port 
" 10.0.0.73 7810 



Description 

Syntax 
Parameters 



Example 



show interfaces 

Displays the running state settings (which might be different due to Dynamic 
Host Configuration Protocol (DHCP)) and statistics. 

show interfaces [<intname>] | [brief | configured] 



<intname> Specifies the name of the interface. 


brief Displays the running state settings without statistics. 


configured Displays configured settings for the interface. 


minna # show interfaces 


Interface lo state 




Up: 


yes 


IP address : 


127 .0.0.1 


Netmask : 


255.0.0.0 


Speed: 




Duplex: 




Interface type: 


loopback 


MTU: 


16436 


HW address: 




RX bytes: 


656 


RX packets: 


12 


RX mcast packets: 


0 


RX discards: 


0 


RX errors : 


0 


RX overruns : 


0 



3 Enable-Mode Commands 



RX frame: 0 

TX bytes: 656 

TX packets : 12 

TX discards: 0 

TX errors: 0 

TX overruns : 0 

TX carrier: 0 

TX collisions: 0 

Interface primary state 

Up: yes 

IP address: 10.0.0.3 

Netmask: 255.255.0.0 

Speed: lOOMb/s (auto) 

Duplex: full (auto) 

Interface type: ethernet 



MTU: 


1500 


HW address : 


00:E0:81 


RX bytes: 


576490 


RX packets : 


7454 


RX mcast packets: 


0 


RX discards : 


0 


RX errors: 


0 


RX overruns : 


0 


RX frame : 


0 


TX bytes : 


63464 


TX packets : 


559 


TX discards: 


0 


TX errors: 


0 


TX overruns : 


0 


TX carrier: 


0 


TX collisions: 


0 


Interface aux state 




Up: 


yes 


IP address : 





Netmask: 

Speed : UNKNOWN 

Duplex: UNKNOWN 

Interface type: ethernet 

MTU : 1500 



HW 


address : 


0 


RX 


bytes : 


0 


RX 


packets : 


0 


RX 


mcast packets: 


0 


RX 


discards : 


0 


RX 


errors : 


0 


RX 


overruns : 


0 


RX 


frame : 


0 


TX 


bytes : 


0 


TX 


packets : 


0 


TX 


discards : 


0 


TX 


errors : 


0 


TX 


overruns : 


0 


TX 


carrier : 


0 


TX 


collisions : 


0 



show ip 

Description Displays IP settings such as host name, Domain Name Service (DNS), and 
static route. 
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Syntax 



Parameters 



show ip { 

default gateway [static] | 
route [static] | 
wan-gateway | 
in-path-gateway [static]} 



Example 



default gateway 


Displays the default gateway or static default gateway. 


[static] 




route [static] 


Displays the IP route or IP static route. 


wan-gateway 


Displays the Wide Area Network (WAN) gateway. 


in-path-gateway 


Displays the in-path (WAN) gateway. 



minna # show ip route 
Destination Mask 
10.0.0.0 255.255.0.0 
default 0.0.0.0 
minna # 



Gateway 
0.0.0.0 
10.0.0.1 



show licenses 



Description Displays active licenses. 
Syntax show licenses 

Parameters None 

Example minna # show licenses 

XXX-XXXXXX-XXXX-XXXX-X-XXXX-XXXX-XXXX 

Feature: SH10BASE 

Valid: yes 

Active: yes 

Start date: 

End date: 

XXX - XXXXXX - XXXX - XXXX - X - XXXX - XXXX - XXXX 

Feature: SH10CIFS 

Valid: yes 

Active: yes 

Start date: 

End date: 

XXX-XXXXXX-XXXX-XXXX-X-XXXX-XXXX-XXXX 

Feature: SH10EXCH 

Valid: yes 

Active: yes 

Start date: 

End date: 



show limit bandwidth 

Description Displays current bandwidth threshold settings. 
Syntax show limit bandwidth 



3 Enable-Mode Commands 



Parameters None 

Example minna # show limit bandwidth 

Bandwidth Limit Disabled 
minna # 



show log 

Description Displays system logs. 

Syntax show log [continuous | files <log number>] 

Parameters 



continuous 


Continuously displays the log, similar to the tail -f command. 


files <log number> 


Displays a list of log files or a specific log file. 



Example minna # show log 

Dec 22 20:00:00 localhost /usr /sbin/crond [ 7 84 ] : (root) CMD (/usr/sbin/ 
logrotate /etc/logrotate . conf ) 

Dec 22 20:00:00 localhost cli[555]: [cli.INFO]: user admin: CLI got 
signal 2 (SIGINT) 

Dec 22 20:02:31 localhost cli[555]: [cli.INFO]: user admin: Executing 
command: show ip route 

Dec 22 20:02:38 localhost cli[555]: [cli.INFO]: user admin: CLI got 
signal 2 (SIGINT) 

Dec 22 20:03:16 localhost cli[555]: [cli.INFO]: user admin: CLI got 
signal 2 (SIGINT) 

Dec 22 20:04:00 localhost cli[555]: [cli.INFO]: user admin: Executing 
command: show ip route static 

Dec 22 20:05:02 localhost cli[555]: [cli.INFO]: user admin: Executing 
command: show licenses 

Dec 22 20:05:09 localhost cli[555]: [cli.INFO]: user admin: CLI got 
signal 2 (SIGINT) 

Dec 22 20:06:44 localhost cli[555]: [cli.INFO]: user admin: Executing 
command: show limit bandwidth 

Dec 22 20:06:49 localhost cli[555]: [cli.INFO]: user admin: CLI got 
signal 2 (SIGINT) 

Dec 22 20:07:12 localhost cli[555]: [cli.INFO]: user admin: Executing 
command: show log 



show logging 

Description Displays log settings. 
Syntax show logging 

Parameters None 

Example minna # show logging 

Local logging level: info 

Default remote logging level: info 

No remote syslog receivers configured. 

Number of archived log files to keep: 10 

Log rotation frequency: daily 

minna # 
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show ntp 

Description Displays Network Time Protocol (NTP) information. 
Syntax show ntp 

Parameters None 

Example minna # show ntp 

NTP enabled: yes 
No NTP peers configured. 
NTP server: 192.6.38.127 (version 4) 
NTP server: 66.187.224.4 (version 4) 
NTP server: 66.187.233.4 (version 4) 

show out-of-path 

Description Displays current out-of path configuration settings. 
Syntax show out-of-path 

Parameters None 

Example minna # show out-of-path 

Enabled: no 
Inner Port: 7810 

show peers 

Description Displays connected HP EFS WAN Accelerators. 
Syntax show peers 

Parameters None 

Example minna # show peers 

No connected appliances. 



show protocol cifs 

Description Displays the CIFS protocol settings. 
Syntax show protocol cifs 

Parameters None 

Example minna # show protocol cifs 

Enable transparent Prepopulation Support: no before the write opt one 
Disable CIFS Optimization: no 
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3 Enable-Mode Commands 



show protocol mapi 

Description Displays the Mail API (MAPI) prepopulation settings. 
Syntax show protocol mapi 

Parameters None 

Example minna # show protocol mapi 

Incoming MAPI port: 7830 

show qos 

Description Displays Quality of Service (QoS) settings. 
Syntax show qos 

Parameters None 

Example minna # show qos 

No quality of service settings. 

show radius 

Description Displays RADIUS configuration settings. 
Syntax show radius 

Parameters None 

Example minna # show radius 

No radius settings. 



show raid diagram 

Description Displays the physical layout of the RAID (Redundant Array of Independent 
Disks) disks. 

Syntax show raid diagram 

Parameters None 

Example minna # show raid diagram 

DL380-3010 layout: 

[ 3 ] [ 1 ] 



[ = 



= ] [ = 

] [ 
= ] [ = 



= ] 
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show raid error-msg 



Description 

Syntax 

Parameters 
Example 

Description 

Syntax 

Parameters 
Example 

Description 

Syntax 

Parameters 
Example 

Description 

Syntax 

Parameters 
Example 



Displays the RAID disk drives that are not functioning, 
show raid error-msg 

None 

minna # show raid error-msg 



show running-config 

Displays the running configuration. The show running-config full command 
displays all settings, even those that are set to the default value. 

show running-config [full] 

None 

minna # show running-config 
(displays running configuration) 



show service 

Displays current state of the HP EFS WAN Accelerator service. 

show service 

None 

minna # show service 
Service: Running 



show service authentication 

Displays current client and server authentication settings, 
show service authentication 

None 

minna # show service authentication 
Authentication Service: Not Enabled 



3 Enable-Mode Commands 



show snmp 



Description Displays current Simple Network Management Protocol (SNMP) server 
settings. 

Syntax show snmp 

Parameters None 

Example minna # show snmp 

SNMP enabled: yes 

System location: 

System contact: 

Read-only community: public 

Traps enabled: yes 

No trap sinks configured. 

show ssh server 

Description Displays the server settings. 
Syntax show ssh server 

Parameters None 

Example minna # show ssh server 

SSH server enabled: yes 



show stats 

Description Displays statistics. 

Syntax show stats {alarm <type>} 

[bandwidth all [lan-to-wan | wan-to-lan | bidirectional] [ports [all 
<portnumber>] [hour | day | week | month]] | 
[cpu] | 
[memory] | 

[data-reduction [hour | day | week | month]] | 
[traffic [hour | day | week | month]] 
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Parameters 



alarm <type> Displays alarm statistics. Specify alarm type or 

<carriage return>: bypass, cpu_util_ave, paging, 
raid_error, raid_warning, sw-version. 

bandwidth all [lan-to-wan | Displays bandwidth statistics, 

wan-to-lan | bidirectional] | 
[ports [all | <portnumber> 
[hour [ day | week | month]]] 



cpu 


Displays CPU statistics. 


memory 


Displays memory statistics. 


data reduction [hour | day | 


Displays throughput statistics for the last hour, 


week | month] 


day, week, or month 


traffic [hour | day | week | 


Displays traffic statistics for the last hour, day, 


month] 


week, or month. 



Example 



minna # show stats alarm 




Alarm bypass 


ok 


Alarm cpu_util_ave 


ok 


Alarm paging 


ok 


Alarm raid_error 


ok 


Alarm raid_warning 


ok 


Alarm sw-version 


(no 



show tacacs 

Description Displays Terminal Access Controller Access Control System (TACACS+) 
settings. 

Syntax show tacacs 

Parameters None 

Example minna # show tacacs 

No tacacs settings. 



show terminal 



Description Displays terminal settings. 
Syntax show terminal 

Parameters None 

Example minna # show terminal 

Terminal width: 80 columns 
Terminal length: 24 rows 



3 Enable-Mode Commands 



show usernames 



Description 

Syntax 

Parameters 
Example 



Description 

Syntax 

Parameters 

Example 



Description 

Syntax 

Parameters 
Example 



Displays information about active or configured users. 

show usernames 

None 

minna # show usernames 

admin 

monitor 

show version 

Displays the installed software version including build number, 
show version [concise] 



Displays the installed software version without build information. 



#minna # show version 



Product name: 
Product release: 
Build ID: 
Build date: 
Built by: 



rbtsh/linux 

Columbia 

#1 

2004-02-07 19:24:24 
root@releng 



show web 

Displays current web settings. 

show web 

None 

minna # show web 

web-based management console enabled: 
HTTP enabled: yes 
HTTP port: 80 
HTTPS enabled: yes 
HTTPS port: 443 

Inactivity timeout: 15 minutes 

Session timeout: 60 minutes 

Session renewal threshold: 3 0 minutes 
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slogin 



Description Enables log in to another HP EFS WAN Accelerator using ssh. To view 
options, enter slogin at the system prompt. 

Syntax slogin [<options>] 

Parameters 

<options> To view options, enter slogin at the system prompt. 



Example 



minna # slogin -1 usertest 



stats export 

Description Exports HP EFS WAN Accelerator performance statistics in a comma 
separated value (CSV) file so that you can easily transfer them to 
spreadsheets and database systems. 

Syntax stats export {<report name> <filename>} 

[after <date> <time> before <date> <time>] 

Usage You can view performance report statistics using the show stats command: 

show files stats <filename> 

You can move, delete, and upload statistics using the following commands: 

file stats move <source filename> <destination filename> 

file stats delete <filename> 

file stats upload <filename> <URL> 



3 Enable-Mode Commands 



Parameters 



<report name> <filename> Specifies the source file and the destination file. The 

following performance statistics are available: CPU 
statistics, memory ultilization, memory paging, 
aggregate bandwidth statistics for the hour, day, week, 
and month, and port bandwidth statistics for the hour, 
day, week, and month. 

If you do not specify a file name, a file name is 
automatically created: reportname-data-time. csv. If 
you do not specify the file extension (.csv), it is 
automatically appended to the new file. 

before <date> <time> Specifies the date and time from which the report 

should begin. For the date and time, use the following 
format: yyyy/mm/dd, hh:mm:ss. 

after <date> <time> Specifies the date and time from which the report 

should end. For the date and time, use the following 
format: yyyy/mm/dd, hh:mm:ss 



Example minna # stats export cpu_util cpureport . csv 
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3 Enable-Mode Commands 



CHAPTER 4 Configuration-Mode Commands 



2 



I 3 

1 

o 

s 



In This Chapter This chapter is a reference for configuration-mode commands. Configuration- 

mode commands set configuration properties for the HP EFS WAN 
Accelerator. 

To use configuration-mode commands, you must first enter enable-mode 
before you can execute configuration-mode commands. 

To enter 1. Connect to the CLI. For detailed information, see "Connecting to the 

configuration-mode Command-Line Interface" on page 17. 

2. To enter enable-mode, at the system prompt enter: 
adeline> enable 

3. To enter configuration-mode, at the system prompt enter: 

adeline # configure terminal 
adeline (config) # 

You are in configuration-mode. 

To exit configuration-mode, enter exit. For information about the exit 
command, see "exit" on page 21. 

This section contains the following configuration-mode commands: 

♦ "aaa authentication login default" on page 53 

♦ "aaa authorization map default-user" on page 54 

♦ "aaa authorization map order" on page 54 

♦ "arp" on page 55 

♦ "boot system" on page 55 

♦ "clear arp-cache" on page 55 

♦ "cli clear-history" on page 56 

♦ "cli default paging enable" on page 56 

♦ "cli session" on page 56 

♦ "clock set" on page 57 
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♦ 


"clock timezone" on page 57 


♦ 


"configuration copy" on page 58 


♦ 


"configuration delete" on page 58 


♦ 


"configuration fetch" on page 58 


♦ 


"configuration jump-start" on page 59 


♦ 


"configuration merge" on page 60 


♦ 


"configuration move" on page 61 


♦ 


"configuration new" on page 61 


♦ 


"configuration revert saved" on page 61 


♦ 


"configuration switch-to" on page 62 


♦ 


"configuration write" on page 62 


♦ 


"datastore notification" on page 62 


♦ 


"datastore receive" on page 63 


♦ 


"datastore send" on page 63 


♦ 


"duplex auto-correction allowed-changes" on page 63 


♦ 


"duplex auto-correction enable" on page 64 


♦ 


"duplex auto-correction error-threshold" on page 64 


♦ 


"duplex email-notify enable" on page 64 


♦ 


"email domain" on page 65 


♦ 


"email mailhub" on page 65 


♦ 


"email notify events enable" on page 65 


♦ 


"email notify events recipient" on page 65 


♦ 


'"email notify failures enable" on page 66 


♦ 


"email notify failures recipient" on page 66 


♦ 


"email send-test" on page 66 


♦ 


"failover buddy addr" on page 66 


♦ 


"failover buddy port" on page 67 


♦ 


"failover enable" on page 67 


♦ 


"failover master" on page 68 


♦ 


"failover port" on page 68 


♦ 


"file tcpdump" on page 68 


♦ 


"hostname" on page 69 


♦ 


"image boot" on page 69 


♦ 


"image delete" on page 69 


♦ 


"image fetch" on page 69 


♦ 


"image install" on page 70 
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♦ "image move" on page 70 

♦ "in-path client-oop enable" on page 71 

♦ "in-path enable" on page 71 

♦ "in-path forward interactive" on page 71 

♦ "in-path forward secure" on page 72 

♦ "in-path interface enable" on page 72 

♦ "in-path interface vlan tag" on page 72 

♦ "in-path kickoff" on page 73 

♦ "in-path layer-4 enable" on page 73 

♦ "in-path neighbor enable" on page 73 

♦ "in-path neighbor ip-address" on page 74 

♦ "in-path rule auto-discover" on page 74 

♦ "in-path rule fixed-target" on page 75 

♦ "in-path rule move" on page 76 

♦ "in-path rule pass-through" on page 76 

♦ "interface" on page 77 

♦ "ip default-gateway" on page 78 

♦ "ip domain-list" on page 78 

♦ "ip host" on page 78 

♦ "ip in-path route" on page 78 

♦ "ip in-path-gateway" on page 79 

♦ "ip name-server" on page 79 

♦ "ip route" on page 80 

♦ "license delete" on page 80 

♦ "license install" on page 80 

♦ "limit bandwidth max" on page 80 

♦ "logging" on page 81 

♦ "logging files delete" on page 81 

♦ "logging files rotation criteria frequency" on page 81 

♦ "logging files rotation criteria size" on page 82 

♦ "logging files rotation force" on page 82 

♦ "logging files rotation max-num" on page 82 

♦ "logging local" on page 83 

♦ "logging trap" on page 83 

♦ "ntpdate" on page 84 

♦ "ntp disable" on page 84 
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"ntp enable" on page 84 


♦ 


"ntp peer" on page 84 


♦ 


"ntp server" on page 85 


♦ 


"out-of-path enable" on page 85 


♦ 


"out-of-path port" on page 85 


♦ 


"protocol cifs disable write optimization" on page 86 


♦ 


"protocol cifs prepop enable" on page 86 


♦ 


"protocol cifs secure-sig-opt enable" on page 86 


♦ 


"protocol mapi nspi" on page 87 


♦ 


"protocol mapi port" on page 87 


♦ 


"protocol mapi prepop enable" on page 87 


♦ 


"qos port dscp" on page 88 


♦ 


"radius-server host" on page 88 


♦ 


"radius-server key" on page 89 


♦ 


"radius-server retransmit" on page 90 


♦ 


"radius-server timeout" on page 90 


♦ 


"segstore receive port" on page 90 


♦ 


"segstore send addr" on page 91 


♦ 


"service authentication secret" on page 91 


♦ 


"service enable" on page 92 


♦ 


"service error reset" on page 92 


♦ 


"snmp-server community" on page 92 


♦ 


"snmp-server contact" on page 93 


♦ 


"snmp-server enable" on page 93 


♦ 


"snmp-server host" on page 93 


♦ 


"snmp-server location" on page 94 


♦ 


"ssh server enable" on page 94 


♦ 


"stats alarm" on page 94 


♦ 


"stats chd" on page 95 


♦ 


"stats clear-all" on page 95 


♦ 


"stats sample" on page 95 


♦ 


"stats settings bandwidth" on page 96 


♦ 


"tacacs-server host" on page 96 


♦ 


"tacacs-server key" on page 97 


♦ 


"tacacs-server retransmit" on page 97 


♦ 


"tacacs-server timeout" on page 97 



4 Configuration-Mode Commands 



♦ "terminal" on page 98 

♦ "username disable" on page 98 

♦ "username nopassword" on page 98 

♦ "username password" on page 99 

♦ "username password 0" on page 99 

♦ "username password 7" on page 99 

♦ "username password cleartext" on page 100 

♦ "username password encrypted" on page 100 

♦ "username privilege" on page 101 

♦ "weep enable" on page 101 

♦ "weep mcast-ttl" on page 101 

♦ "weep service group" on page 102 

♦ "web auto-logout" on page 103 

♦ "web enable" on page 104 

♦ "web http enable" on page 104 

♦ "web http port" on page 104 

♦ "web https enable" on page 105 

♦ "web https port" on page 105 

♦ "web session renewal" on page 105 

♦ "web session timeout" on page 105 

♦ "write memory" on page 106 

♦ "write terminal" on page 106 



aaa authentication login default 

Description Configures Remote Authentication Dial-In User Service (RADIUS) or 
Terminal Access Controller Access Control System (TACACS+) login 
settings. The order in which the methods are specified is the order in which 
the authentication is attempted. The no command option clears all 
authentication states and returns user authentication to the local username 
database. 

Syntax aaa authentication login default <method> 

Parameters 



<method> Specifies the authentication method: radius, tacacs+, or local. Use a 
space separated list. 



Example minna (config) # aaa authentication login default radius tacacs+ 

minna (config) # 
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aaa authorization map default-user 

Description Sets the local user default mapping for RADIUS or TACACS+ server 

authentication. When a user is authenticated (via RADIUS or TACACS+) and 
does not have a local account, this command specifies what local account the 
authenticated user will be logged in as. If the user name is local, this mapping 
is ignored. This mapping depends on the setting of the aaa authorization 
map order command. 

Syntax aaa authentication login default <user_name> 

Parameters 



<user_name> Specifies the user name for RADIUS or TACACS+ authentication: 
admin or monitor. 



Example minna (config) # aaa authorization map default-user admin 

minna (config) # 



aaa authorization map order 

Description Sets the order for remote to local user mappings for RADIUS or TACACS+ 
server authentication. 



Syntax 
Parameters 



aaa authentication map order <policy> 



<policy> Specifies the order in which to apply the authentication policy: 

remote-only, remote-first, local-only. 

Usage Used when authenticating users via RADIUS or TACACS+. The order 

determines how the remote user mapping behaves. If the authenticated user 
name is valid locally, no mapping is performed. The setting has the following 
behaviors: 



remote-first. If a local-user mapping attribute is returned and it is a valid 
local user name, map the authenticated user to the local user specified in 
the attribute. If the attribute is not present or not valid locally, use the user 
specified by the default-user command. (This is the default behavior.) 

remote-only. Map only to a remote authenticated user if the 
authentication server sends a local-user mapping attribute. If the attribute 
does not specify a valid local user, no further mapping is attempted. 

local-only. All remote users are mapped to the user specified by the aaa 
authorization map default-user <user name> command. Any vendor 
attributes received by an authentication server are ignored. 
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Example 



To set TACACS authorization levels (admin and read-only) to allow certain 
members of a group to log in, add the following attribute to users on the 
TACACS server: 

service = rbt-exec { 

local-user-name = "monitor" 

} 

where you replace monitor with admin for write access. To turn off general 
authentication in the HP EFS WAN Accelerator, type the following command 
at the system prompt: 

aaa authorization map order remote-only 

minna (config) # aaa authorization map order remote-only 
minna (config) # 
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Description 

Syntax 
Parameters 



arp 



Creates static Address Resolution Protocol (ARP) entries in the ARP table. 
The no command option disables ARP static entries. 

arp <addr> <MACaddr> 



<addr> Specifies the IP address of the machine. 

<MACaddr> Specifies the Media Access Control (MAC) address. 

Example minna (config) # arp 10.0.0.0 00 : 07 : E9 : 55 : 10 : 09 

minna (config) # 

boot system 

Description Boots the specified partition the next time the appliance is rebooted. 

Syntax boot system <partition> 

Parameters 



<partition> 



Specifies the partition to boot: 1 or 2. 



Example minna (config) # boot system 1 

minna (config) # 



clear arp-cache 

Description Clears dynamic entries in the ARP cache. This does not delete static ARP 
entries configured with the arp command. 

Syntax clear arp-cache 
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Parameters 
Example 

Description 

Syntax 

Parameters 
Example 

Description 

Syntax 

Parameters 
Example 

Description 
Syntax 



None 

minna (config) # clear arp-cache 
minna (config) # 



cli clear-history 

Clears the command history for the current user, 
cli clear-history 

None 

minna (config) # cli clear-history 
minna (config) # 



cli default paging enable 

Sets paging so that it is enabled each time you log in. With paging enabled, if 
there is too much text to fit on the page, the CLI prompts you for the next 
page of text. The no command option disables paging. 

cli default paging enable 

None 

minna (config) # cli default paging enable 
minna (config) # 



cli session 

Sets CLI options for current session only. 

cli session {auto-logout <minutes> | paging enable | terminal length 
<lines> | type <terminal_type> | width <characters>} 
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Parameters 



auto-logout <minutes> 



Sets the number of minutes before the CLI 
automatically logs out the user. The default value is 
15 minutes. The no command option disables the 
automatic logout feature. 



O 



paging enable 



terminal length <lines> 
type <terminal_type> | 
width <characters> 



With paging enabled, if there is too much text to fit 
on the page, the CLI prompts you for the next page 
of text. The no command option disables paging. 

Sets the terminal length. The no command option 
disables the terminal settings. 
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type <terminal_type> 



width <terminal width> 



Sets the terminal type. The no command option 
disables the terminal settings. 

Sets the terminal width. The no command option 
disables the terminal settings. 



Example minna (config) # cli session auto-logout 20 

minna (config) # 



clock set 

Description Sets the system time and date. 

Syntax clock set {<hh:mm:ss> | <yyyy/mm/dd>} 

Parameters 



<hh:mm:ss> Specifies the hour, minutes, and seconds. 

<yyyy/mm/dd> Specifies the year, month, and day. 



Example minna (config) # clock set 12:34:55 

minna (config) # 



clock timezone 

Description Sets the current time zone. The default value is Greenwich Mean Time 
(GMT-offset). 

Syntax clock timezone <zone> 

Parameters 



<zone> 



Specifies the time zone name. 



Example minna (config) # clock timezone GMT 

minna (config) # 
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configuration copy 

Description Copies a configuration file. 

Syntax configuration copy <sourcename> <new-filename> 

Parameters 



<sourcename> Specifies the source configuration file. 

<new-filename> Specifies the new configuration file. 

Example minna (config) # configuration copy westcoast eastcoast 

minna (config) # 



configuration delete 

Description Deletes a configuration file. For an example of usage, see "configuration 
merge" on page 60. 



Syntax 
Parameters 



configuration delete <name> 



<name> 



Specifies the name of the configuration file. 



Example minna (config) # configuration delete westcoast 

minna (config) # 



configuration fetch 

Description Downloads a configuration file over the network. 

You can avoid copy and paste errors by using the import configuration option 
when you are replacing or adding an HP EFS WAN Accelerator in your 
network. Simply connect the replacement HP EFS WAN Accelerator to your 
LAN and import the configuration from your existing HP EFS WAN 
Accelerator. If you are swapping one HP EFS WAN Accelerator for another, 
you can import all of the network information (although not the licenses) and 
disconnect the old HP EFS WAN Accelerator before you switch configurations 
on the new appliance. 

To deploy a large network of HP EFS WAN Accelerators, you can avoid 
configuring each appliance individually by setting up a template appliance 
and using the configuration import option to copy the template to each 
appliance. 

Syntax configuration fetch <URL or scp: / /username:password@hostname/path/ 

filename> 
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Parameters 



<URL or scp:// 

username:password@host 

name/path/filename> 



Specifies the location of the configuration file to 
download. To copy a configuration file from 
another HP EFS WAN Accelerator, use the 
following format: 

scp : / /admin : password@other-appliance/ 
conf ig/db/ configuration- file 



Usage To copy one configuration file to another HP EFS WAN Accelerator, run the 

following set of commands: 

configuration fetch <url - to-remote-con fig> <new-config-name> 
; ; this fetches the configuration from the remote 

configuration switch-to <new-config-name> 

; ; this activates the newly fetched configuration 
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Example minna (config) # configuration fetch http://domain.com/westcoast 

newconf ig 

minna (config) #conf iguration switch-to newconfig 



Description 

Syntax 

Parameters 
Example 



configuration jump-start 

Reruns the configuration wizard, 
configuration jump-start 

None 

minna (config) # configuration jump-start 
Configuration wizard. 

Hostname? [telegraph] 
Use DHCP? [no] 

Primary IP address? [10.0.0.74] 
Netmask? [255.255.0.0] 
Default gateway? [10.0.0.1] 
Primary DNS server? [10.0.0.2] 
Domain name? [domain.com]" 
Admin password? 

Copy config from another site? [no] 
Set the primary interface speed? [auto] 
Set the primary interface duplex? [auto] 

Would you like to activate the in-path configuration? [no] 
In-Path IP address? [0.0.0.0] 
In-Path Netmask? [0.0.0.0] 255.255.0.0 
In-Path Default gateway? [0.0.0.1] 
Set the in-path:LAN interface speed? [auto] 
Set the in-path:LAN interface duplex? [auto] 
Set the in-path:WAN interface speed? [auto] 
Set the in-path:WAN interface duplex? [auto] 
You have entered the following information: 

1. Hostname: minna 

2. Use DHCP: no 

3. Primary IP address: 10.0.0.74 

4. Netmask: 255.255.0.0 

5. Default gateway: 10.0.0.1 

6. Primary DNS server: 10.0.0.2 



Step 


1: 


Step 


2 : 


Step 


3: 


Step 


4: 


Step 


5: 


Step 


6: 


Step 


7 : 


Step 


8: 


Step 


9: 


Step 


10 


Step 


11 


Step 


12 


Step 


13 


Step 


14 


Step 


15 


Step 


16 


Step 


17 


Step 


18 


Step 


19 



HP EFS WAN Accelerator Command-Line Interface Reference Manual 



59 



7. Domain name: domain.com 

8. Admin password: (unchanged) 

9. Copy config from another site: no 

10. Set the primary interface speed: auto 

11. Set the primary interface duplex: auto 

12. Would you like to activate the in-path configuration: yes 

13. In-Path IP address: 0.0.0.0 

14. In-Path Netmask: 255.255.0.0 

15. In-Path Default gateway: 0.0.0.1 

16. Set the in-path: LAN interface speed: auto 

17. Set the in-path: LAN interface duplex: auto 

18. Set the in-path:WAN interface speed: auto 

19. Set the in-path:WAN interface duplex: auto 

To change an answer, enter the step number to return to. 
Otherwise hit <enter> to save changes and exit. 
Choice : 



configuration merge 

Description Merges common configuration settings from one HP EFS WAN Accelerator 
to another. Use this command to deploy a network of appliances. Set up a 
template appliance and merge the template with each appliance in the 
network. 

The following configuration settings are not merged when you run the 
configuration merge command: failover settings, SNMP SysContact and 
SysLocation, log settings, and all network settings (for example, host name, 
auxiliary interface, DNS settings, defined hosts, static routing, and in-path 
routing). 

The following configuration settings are merged when you run the 
configuration merge command: in-path, out-of-path, protocols, statistics, CLI, 
email, NTP and time, web, SNMP, and alarm. 

Syntax configuration merge <new-config-name> 

Parameters 



<new-config-name> Specifies the new configuration name. 



Usage To merge a configuration file, run the following set of commands: 

configuration write to <new-conf ig-name> 

; ; this saves the current config to the new name and activates 
; ; the new configuration 
configuration fetch <url-to-remote-config> <temp-config-name> 

; ; this fetches the configuration from the remote 
configuration merge < temp -con fig-name> 

; ; this merges the fetched config into the active configuration 
; ; which is the newly named/created one in step 1 above 
configuration delete < temp -con fig-name> 

; ; this deletes the fetched configuration as it is no longer 
; ; needed since you merged it into the active configuration 



60 



4 Configuration-Mode Commands 



Example minna (config) # configuration write to newconfig 

minna (config) #conf iguration fetch http://domain.com/remoteconfig 
tempconf ig 

minna (config) #conf iguration merge tempconfig 

minna (config) #conf iguration delete tempconfig 

minna (config) # 



configuration move 

Description Moves and renames a configuration file. 
Syntax configuration move <sourcename> <destname> 

Parameters 

<sourcename> Specifies the name of the source configuration file. 
<destname> Specifies the name of the new configuration file. 

Example minna (config) # configuration move westcoast eastcoast 

minna (config) # 
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configuration new 

Description Creates a new, blank configuration file. 



WARNING: HP recommends that you use the keep licenses command option. If you 
do not keep licenses, your new configuration will not have a valid license key. 



Syntax configuration new (<new-filename> [keep licenses]} 

Parameters 



Example 



<new-filename> Specifies the name of the new configuration file. 

keep licenses Create a new configuration file with default settings and active 

licenses. 



minna (config) # configuration new westcoast 
minna (config) # 



configuration revert saved 

Description Reverts active configuration to the last saved configuration. 
Syntax configuration revert saved 

Parameters None 
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Example minna (config) # configuration revert saved 

minna (config) # 



configuration switch-to 

Description Loads a new configuration file and makes it the active configuration. For an 
example of usage, see "configuration merge" on page 60. 

Syntax configuration switch-to j<filename> | initial | initial.bak} 

Parameters 



Example 



<filename> 


Specifies the name of the new configuration file. 


initial 


Specifies the initial configuration. 


initial.bak 


Specifies the initial backup configuration. 



minna (config) # configuration switch-to westcoast 
minna (config) # 



configuration write 

Description Writes the current, active configuration file to memory. 

Syntax configuration write [to <filename>] 

Parameters 



Example 



to <filename> Save the running configuration to a file and make it active. 



minna (config) # configuration write 
minna (config) # 



datastore notification 

Description Enables automatic email notification. You are notified when all the data in the 
data store is replaced with new data in less time than you specify. The no 
command option disables email notification. 

Syntax datastore notification enable [wrap-around <days>] 

Parameters 



enable 


Enables automatic email notification when all the data in 




the data store is replaced with new data in less time than 




you specify. 


wrap-around <days> 


Specifies the number of days to elapse before sending an 




email message notifying you that the data in the data store 




has been replaced. 
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Example minna (config) # datastore notification enable wrap-around 2 

minna (config) # 



datastore receive 

Description Receives the data store from another HP EFS WAN Accelerator. 
Syntax datastore receive port <port_number> 

Parameters 



o 
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Example 



<port_number> Specifies the port number. 

minna (config) # datastore receive port 1234 
minna (config) # 



datastore send 

Description Sends the data store to another HP EFS WAN Accelerator. 
Syntax datastore send <addr> <port> 

Parameters 



Example 



<addr> <port> Specifies the IP address and port of the HP EFS WAN Accelerator. 



minna (config) # datastore send 10.0.0.03 
minna (config) # 



duplex auto-correction allowed-changes 

Description Sets the number of allowed automatic duplex changes settings. If a duplex 

mismatch is detected, the HP EFS WAN Accelerator cycles through different 
duplex settings for the interface, selecting the best configuration. After a 
duplex mismatch has been detected, a log message is recorded and email is 
sent. 

Syntax duplex auto-correction allowed-changes <number> 

Parameters 



<number> 



Specifies the number of times to change duplex settings. 



Example minna (config) # duplex auto-correction allowed-changes 5 

minna (config) # 
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duplex auto-correction enable 



Description 



Syntax 

Parameters 
Example 

Description 

Syntax 
Parameters 



Example 

Description 

Syntax 

Parameters 
Example 



Enables automatic duplex correction. If a duplex mismatch is detected, the 
HP EFS WAN Accelerator cycles through duplex settings for the interface, 
selecting the best configuration. After a duplex mismatch has been detected, a 
log message is recorded and email is sent.The automatic correction feature 
functions only when the HP EFS WAN Accelerator is set at auto or full 
duplex. The no command option disables the duplex correction feature. 

duplex auto-correction enable 

None 

minna (config) # duplex auto-correction enable 
minna (config) # 



duplex auto-correction error-threshold 

Sets the number of allowed automatic duplex changes settings. If a duplex 
mismatch is detected, the HP EFS WAN Accelerator cycles through duplex 
settings for the interface, selecting the best configuration. After a duplex 
mismatch is detected, a log message is recorded and email is sent. 

duplex auto-correction error-threshold <interface> <allowed_errors> 



<interf ace> Specifies the interface upon which to apply duplex automatic 

correction: primary, aux, lan, wan. 

<alllowed_errors> Specifies the number of allowed duplex errors for the interface. 
The default value is 5. 



minna (config) # duplex auto-correction error-threshold primary 10 
minna (config) # 



duplex email-notify enable 

Sets automatic email notification when a duplex correction is made. The no 
command option disables email notification. 

duplex email-notify enable 

None 

minna (config) # duplex email-notify enable 
minna (config) # 



4 Configuration-Mode Commands 



email domain 



Description Specifies the domain for email notifications. Use this command only if the 

email address does not contain the domain. The no command option disables 
the email domain. 

Syntax email domain <hostname or IP address> 

Parameters 

<hostname or IP address> Specifies the domain for email notifications (only if the 

email address does not contain it). 
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Example minna (config) # email domain example.com 

minna (config) # 



email mailhub 

Description Specifies the Simple Mail Transfer Protocol (SMTP) server for email 
notifications. The no command option disables the SMTP server. 

Syntax email mailhub <host name or IP address> 

Parameters 

<host name or IP address> Specifies the SMTP server for email notifications. 

Example minna (config) # email mailhub mail-server.example.com 

minna (config) # 



email notify events enable 



Description Enables email notification for events. The no command option disables email 
notification. 

Syntax email notify events enable 

Parameters None 

Example minna (config) # email notify events enable 

minna (config) # 



email notify events recipient 



Description Enables email notification for events. The no command option disables email 
notification. 



Syntax 



email notify events recipient <email addr> 
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Parameters 



Example 



<email addr> Specifies the email address of users to receive notification of events. 

minna (config) # email notify events recipient example@example.com 
minna (config) # 



email notify failures enable 

Description Enables email notification of HP EFS WAN Accelerator failures such as core 
dumps. The no command option disables this command. 

Syntax email notify failures 

Parameters None 

Example minna (config) # email notify failures enable 

minna (config) # 



Description 

Syntax 
Parameters 



email notify failures recipient 

Enables email notification of HP EFS WAN Accelerator failures such as core 
dumps. The no command option disables this command. 

email notify failures recipient <email addr> 



recipient <email-addr> Specifies the email address of users to receive notification 

of failures. 

Example minna (config) # email notify failures recipient example@example.com 

minna (config) # 



email send-test 

Description Sends test email to all configured event and failure recipients. 
Syntax email send-test 

Parameters None 

Example minna (config) # email send-test 

minna (config) # 



failover buddy addr 

Description Sets the buddy (failover) IP address. The buddy machine is the failover 

(backup) machine. If the master HP EFS WAN Accelerator fails the failover 

4 Configuration-Mode Commands 



HP EFS WAN Accelerator takes over. The default value is 0.0.0.0. The no 
command option resets the buddy IP address to the default value. 



Syntax f ailover buddy addr <IPaddress> 

Parameters g 

i s 

<IPaddress> Specifies the IP address for the failover, backup machine. The | *» 

default value is 0.0.0.0. § | 



Example minna (config) # failover buddy addr 10.10.10.1 

minna (config) # 




failover buddy port 

Description Sets the buddy, failover port. The buddy machine that is the failover (backup) 
machine. If the master HP EFS WAN Accelerator fails the failover HP EFS 
WAN Accelerator takes over. The default value is 7820. The no command 
option resets the buddy, failover port to the default value. 

Syntax failover buddy port <port> 

Parameters 



<port> Specifies the port number. 



Example minna (config) # failover buddy port 2515 

minna (config) # 



failover enable 

Enables failover support. Failover support enables a redundant (backup) HP 
EFS WAN Accelerator so that if the master HP EFS WAN Accelerator fails, the 
traffic is routed automatically through the failover (failover or buddy) HP EFS 
WAN Accelerator. 

Valid values must exist for the port, buddy address, and buddy port before 
this command can complete. The no command option disables failover 
support. 

Syntax failover enable 

Parameters None 

Example minna (config) # failover enable 

minna (config) # 
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fai lover master 



Description Sets this HP EFS WAN Accelerator as the primary or master appliance. If the 
master appliance fails, the traffic is routed automatically through the failover 
(failover or buddy) HP EFS WAN Accelerator. The default value is true. The 
no command option sets this appliances as the failover (buddy or backup) 
machine. 



Syntax 

Parameters 
Example 



failover master 



None 



minna (config) # failover master 
minna (config) # 



failover port 



Description 

Syntax 
Parameters 



Sets the local failover port. The failover machine is the buddy (backup) 
machine. The default value is 7820. The no command option resets the local 
failover port to the default value. 

failover port <port> 



<port> 



Specifies the port number. 



Example minna (config) # failover port 2515 

minna (config) # 



Description 
Syntax 

Parameters 



file tcpdump 

Deletes or uploads a tcpdump file. 

file tcpdump {delete <filename> | upload <filename> <URL or scp:// 
username:password@hostname/path/filename>} 



delete <filename> Deletes the tcpdump file. 



upload <filename> 
<URL or scp:// 
username:passwo 
rd@hostname/ 
path/filename> 



Uploads a tcpdump output file to a remote host. 



Example minna (config) # file tcpdump delete dumpfile 

minna (config) # 



4 Configuration-Mode Commands 



hostname 



Description Sets the host name for this machine. The no command option removes the 
hostname for this machine. 



Syntax 
Parameters 

Example 



hostname <hostname> 
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<hostname> 



Specifies the host name. Do not include the domain name. 



minna (config) # hostname park 
minna (config) # 



image boot 

Description Boots the specified system image by default. 

Syntax image boot <partition> 

Parameters 



Example 



<partition> 



Specifies the partition to boot: 1 or 2. 



minna (config) # image boot 1 
minna (config) # 



image delete 

Description Deletes the specified software image. 
Syntax image delete <image-filename> 

Parameters 



<image-f ilenamo Specifies the software image to delete. 



Example 



minna (config) # image delete snkvl . 0 
minna (config) # 



image fetch 

Description Downloads a software image from a remote host. 

Syntax image fetch <URL or scp: / /username:password@hostname/path/filename> 

<image-filename> 
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Parameters 



Example 



<URL or Specifies the location of the software image. A carriage 

SC p:// return downloads the image and gives it the same name 

username:password@h * had on the server. 

ostname/path/ 

filenamo 



<image-filename> 



Specifies the filename under which to store the image 
locally. 



minna (config) # image fetch http://www.domain.eom/v.l.0 versionl.O 
minna (config) # 



image install 

Description Installs the software image onto a system partition. 
Syntax image install <image-filename> <partition> 

Parameters 



Example 



<image-filename> 


Specifies the software image filename. 


<partition> 


Specifies the partition number: 1, 2. 



minna (config) # image install versionl.O 2 
minna (config) # 



image move 

Description Moves or renames an inactive system image on the hard disk. 
Syntax image move <source-image-name> <new-image-name> 

Parameters 

<source-image-name> Specifies the name of the software image to move or 
rename. 

<new-image-name> Specifies the new name of the software image. 

Example minna (config) # image move www. domain . com/v . 1 . 0 versionl.O 

minna (config) # 



4 Configuration-Mode Commands 



in-path client-oop enable 



Description Enables out-of-path support for Layer-4 switches, Policy Based Routing 

(PBR), and Web Cache Communication Protocol (WCCP) configurations. An 
out-of-path configuration is a configuration in which the HP EFS WAN 
Accelerator is not in the direct path of the client, the Wide Area Network 
(WAN), and the server. The no command option disables client out-of-path 
support. 



IMPORTANT: When you connect to the WAN port on the HP EFS WAN Accelerator 
for WCCP, the LAN port no longer passes traffic. You cannot run the HP EFS WAN 
Accelerator in both in-path and client out-of-path mode. 



Syntax in-path client-oop enable 

Parameters None 

Example minna (config) # in-path client-oop enable 

minna (config) # 



in-path enable 

Description Enables in-path support. An in-path configuration is a configuration in which 
the HP EFS WAN Accelerator is in the direct path of the client, the WAN, and 
the server. 

Syntax in-path enable 

Parameters None 

Example minna (config) # in-path enable 

minna (config) # 



Syntax 

Parameters 
Example 



in-path forward interactive 

Enables automatic forwarding of traffic on known interactive ports. For a list 
of ports that are automatically forwarded, see "Interactive Ports Automatically 
Forwarded by the HP EFS WAN Accelerator" on page 134. The no command 
option disables in-path forwarding. 

in-path forward interactive 

None 

minna (config) # in-path forward interactive 
minna (config) # 
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in-path forward secure 



Description Enables automatic forwarding of traffic on known secure ports. For a list of 
ports that are automatically forwarded, see "Secure Ports Automatically 
Forwarded by the HP EFS WAN Accelerator" on page 134. The no command 
option disables in-path forwarding. 

Syntax in-path forward secure 

Parameters None 

Example minna (config) # in-path forward secure 

minna (config) # 

in-path interface enable 

Description Enables the in-path interface for optimization. 
Syntax in-path interface <interface> enable 

Parameters 



<interface> Specifies the IP address of the in-path interface. 



Example minna (config) #in-path interface 10.0.0.1 enable 

minna (config) # 

in-path interface vlan tag 

Description Enables VLAN support on an in-path HP EFS WAN Accelerator on a trunked 
link. The in-path interface vlan command enables you to set which VLAN to 
use when the HP EFS WAN Accelerator communicates with another HP EFS 
WAN Accelerator. It does not define which VLAN to optimize. To define 
which VLAN to optimize you must define in-path rules and apply them to all 
VLANS or a specific VLAN. The no command option disables the VLAN 
support. 

Syntax in-path interface <interface> vlan tag <id> 

Parameters 



<interface> 


Specifies the in-path HP EFS WAN Accelerator for which the 




VLAN applies. 


<id> 


Specifies the VLAN identification number. The VLAN 




identification number is a value with a range from 0-4094 (0 




means no tagging). 



Example minna (config) #in-path interface 10.0.0.1 vlan 26 

minna (config) # 



4 Configuration-Mode Commands 



in-path kickoff 



Description Resets open connections on start up. The no command option disables the in- 
path kickoff feature. 

When the HP EFS WAN Accelerator is not powered on or the HP EFS WAN 
Accelerator service is not running, the failover HP EFS WAN Accelerator takes 
over so that connections continue to be made to the WAN. With kickoff 
enabled, when the HP EFS WAN Accelerator service starts, it breaks existing 
connections and forces clients to open a new connection. With kickoff 
disabled, open connections are not broken but they unoptimized — new 
connections are optimized. 

Syntax in-path kickoff 

Parameters None 

Example minna (config) # in-path kickoff 

minna (config) # 



in-path layer-4 enable 

Description Enables Policy Based Routing (PBR) support. PBR is a router configuration 
that allows you to define policies to route packets instead of relying on 
routing protocols. It is enabled on an interface basis and packets coming into 
a PBR-enabled interface are checked to see if they match the defined policies. 

For detailed information, see "Configuring PBR" on page 117. 



Syntax 

Parameters 
Example 



in-path layer-4 enable 

None 



minna (config) # in-path layer-4 enable 
minna (config) # 



in-path neighbor enable 

Description Enables connection forwarding in networks where there is asymmetric 

routing. For example, connection forwarding is enabled when packets come 
back to the client on a different path than the one they used to reach the 
server. The no command option disables connection forwarding support. 



When multiple HP EFS WAN Accelerators are forwarding packets to each 
other, they are called neighbors. If you have one path (SHI) from the client to 
the server and a different path (SH2) from the server to the client, you need to 
enable in-path connection forwarding and set the IP address for each neighbor 
HP EFS WAN Accelerator. For example: 
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minna (config) # in-path neighbor enable 

minna (config) #in-path neighbor ip-address 10.0.0.4 

;; client-side appliance 

minna (config) #in-path neighbor ip-address 10.0.0.6 
; ; the server-side appliance 



NOTE: If there are more than two possible paths, additional HP EFS WAN 
Accelerators must to be installed on each path and configured as neighbors. Neighbors 
are notified in parallel so that the delay introduced at connection set up is equal to the 
time it takes to get an acknowledgement from the furthest neighbor. 



Syntax in-path neighbor enable 

Parameters None 

Example minna (config) # in-path neighbor enable 

minna (config) #in-path neighbor ip-address 10.0.0.4 
minna (config) #in-path neighbor ip-address 10.0.0. 



in-path neighbor ip-address 

Description Sets the IP address for the neighbor HP EFS WAN Accelerator for connection 
forwarding. The no command option disables the IP address for the neighbor 
HP EFS WAN Accelerator. 

When multiple HP EFS WAN Accelerators are forwarding packets to each 
other, they are called neighbors. If you have one path (SHI) from the client to 
the server and a different path (SH2) from the server to the client, you need to 
enable in-path packet redirection and set the IP address for each neighbor HP 
EFS WAN Accelerator. For example: 

minna (config) # in-path neighbor enable 

minna (config) #in-path neighbor ip-address 10.0.0.4 

;; client-side appliance 

minna (config) #in-path neighbor ip-address 10.0.0.6 
; ; the server-side appliance 



Syntax 
Parameters 



in-path neighbor ip-address (addr> 



<addr> 



Specifies the IP address of the neighbor HP EFS WAN 
Accelerator. 



Example minna (config) # in-path neighbor ip-address 10.0.0.4 

minna (config) # 



in-path rule auto-discover 



Description Adds an in-path, auto-discovery rule. The HP EFS WAN Accelerator 

automatically intercepts and optimizes traffic on all IP addresses (0.0.0.0) 
and ports (all). 
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4 Configuration-Mode Commands 



The no command option disables the in-path auto-discover rule. The no 
command option has the following syntax: no in-path <rulenum>. 



Syntax 



Parameters 



in-path rule auto-discover {destaddr <addr> destport <port> 
[scraddr <addr>] [rulenum <rulenum>] [vlan <vlan tag ID>]} 



destaddr <addr> 


Specifies the destination server address. For example: 




10.0.0.0/24. 


destport <port> 


Specifies the destination port number. You can also specify a 




wildcard (* ) . 


srcaddr <addr> 


Specifies the source IP address for which this rule applies. For 




example: 10.0.0.3/24. 



rulenum <rulenum> 



vlan <vlan tag ID> 



Specifies the rule number: 1-N or start or end. The rule inserts 
itself at the rule specified. For example, if rulenum is 3 then 
the new rule will be #3, the old #3 rule will be #4 and so forth. 
Start specifies the rule to be the first rule and end specifies it 
to be the last rule. 

Specifies the VLAN tag ID for which the rule applies. The 
VLAN identification number is a value with a range from 0- 
4094 (0 means no-tagging). 
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Example minna (config) # in-path rule auto-discover addr 10.10.10.1 port 2121 

rulenum 2 5 
minna (config) # 



in-path rule fixed-target 

Description Adds a in-path, fixed-target rule. Specify an HP EFS WAN Accelerator 

between the client and server on which to intercept and optimize traffic. The 
no command option disables the in-path rule. The no command option has 
the following syntax: no in-path rule <rulenum>. 

Syntax in-path rule fixed-target 

{destaddr <addr> destport <port> [srcaddr <addr>] [rulenum <num>]} 
{target-addr <addr> target-port <port>} [[backup-addr <addr> backup-port 
<port>] [vlan <vlan tag ID>]] 
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Parameters 



destaddr <addr> 


Specifies the destination server address. For example: 




10.0.0.0/24. 


destport <port> 


Specifies the destination port number. You can also 




specify a wildcard (* ) . 


srcaddr <addr> 


Specifies the source IP address for packets to be 




intercepted by this rule. For example: 10.0.0.3/24. 



rulenum <rulenum> Specifies the rule number: 1-n or start or end. The rule 

inserts itself at the rule specified. For example, if 
rulenum is 3 then the new rule will be #3, the old #3 rule 
will be #4 and so forth. Start specifies the rule to be the 
first rule and end specifies it to be the last rule. 



target-addr <addr> Specifies the IP address and port number for the target 

target-port <port> | and backup HP EFS WAN Accelerators for out-of-path 

backup-addr <addr> configurations, 
[backup-port <port>] 

vlan <vlan tag ID> Specifies the VLAN tag ID for which the rule applies. 

The VLAN identification number is a value with a range 
from 0-4094 (0 means no-tagging). 



Example minna (config) # in-path rule fixed-target addr 10.10.10.1 port 2121 

target-addr 10.24.24.24.1 
minna (config) # 



in-path rule move 

Description Moves an in-path rule. 

Syntax in-path rule move <rulenum> to <rulenum> 

Parameters 



<rulenum> Specifies the rule number or start or end. 



Example minna (config) # in-path rule move 25 to 10 

minna (config) # 



in-path rule pass-through 

Description Adds an in-path, pass-through rule. Specify a subnet for which you do not 
want to optimize traffic. The no command option disables the in-path rule. 
The no command option has the following syntax: no in-path rule 
<rulenum>. 



Syntax in-path rule pass-through 

{destaddr <addr> destport <port> [srcaddr <addr>] [rulenum <rulenum>] 
[vlan <vlan tag ID>]} 



4 Configuration-Mode Commands 



Parameters 



destaddr <addr> 


Specifies the destination server address. For example: 




10.0.0.0/24. 


destport <port> 


Specifies the destination port number. You can also specify a 




wildcard (* ) . 


srcaddr <addr> 


Specifies the source IP address for which this rule applies. 




For example: 10.0.0.3/24. 



rulenum <rulenum> 



vlan <vlan tag ID> 



Specifies the rule number: 1-N or start or end. The rule 
inserts itself at the rule specified. For example, if rulenum is 3 
then the new rule will be #3, the old #3 rule will be #4 and so 
forth. Start specifies the rule to be the first rule and end 
specifies it to be the last rule. 

Specifies the VLAN tag ID for which the rule applies. The 
VLAN identification number is a value with a range from 0- 
4094 (0 means no-tagging). 
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Example minna (config) # in-path rule pass-through addr 10.10.10.1 port 2121 

rulenum 2 5 
minna (config) # 



interface 

Description Configures network interfaces. The no command option disables the interface 
settings. 



Syntax 
Parameters 



interface (<interfacename> <options>} 



<interfacename> 



Specifies the interface name: aux, lan, wan, primary, 
in-path. 



<options> 



Each interface has the following configuration options: 

• dhcp. Enables Dynamic Host Configuration Protocol 
(DHCP) on the interface. 

• duplex <speed>. Specifies the duplex speed: auto, 
full, half. 

• ip address <addr>. Specifies IP address for the 
interface. 

• netmask. Specifies the netmask for the interface. 

• shutdown Shuts down the interface. 

• speed <speed>. Specifies the speed for the interface: 
auto, 10, 100, 1000. 

• mtu <speed>. Configures the Maximum 
Transmission Unit (MTU). The MTU is set once on 
the in-path interface, it propagates automatically to 
the LAN and the WAN. The no command option 
disables the MTU setting. 



Example (config) # interface lan dhcp 100 

(config) # 
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ip default-gateway 

Description Sets the default gateway IP address. The no command option disables the 
default gateway IP address. 

Syntax ip default-gateway <addr> 

Parameters 



<addr> Specifies the IP address. 

Example minna (config) # ip default-gateway 10.10.10.1 

minna (config) # 



ip domain-list 

Description Adds a domain name to the domain list for resolving host names. The no 
command option removes a domain from the domain list. 

Syntax ip domain list <domain> 

Parameters 



<domain> 



Specifies the domain name. 



Example minna (config) # ip domain-list example.com 

minna (config) # 



ip host 

Description Adds an entry to the static host table. The no command option removes an 
entry from the static host table. 

Syntax ip host <hostname> <addr> 

Parameters 

<hostname> Specifies the host name. 
<addr> Specifies the IP address. 

Example minna (config) # ip host park 10.10.10.1 

minna (config) # 



ip in-path route 



Description Adds a static in-path route.The no command option removes an in-path 
route. 



4 Configuration-Mode Commands 



Syntax ip in-path route <network prefix> <network mask> <next hop IP address> 

Parameters 



<network prefix> 


Specifies the network prefix. 


<network mask> 


Specifies the netmask. 


<next hop IP 


Specifies the next hop IP address in this route or WAN 


address or WAN 


gateway. 


gateway> 





Usage In-path interfaces use routes from an in-path route table. To configure in-path 

routes you set a new in-path route that points to your WAN gateway. You 
must also copy any static routes that you have added to the main table (if they 
apply to the in-path interface). 

Example minna (config) # ip in-path route 193.140.0.0 255.255.0.0 190.160.0.0 

minna (config) # 
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ip in-path-gateway 

Description Configures the primary in-path default gateway. The no command option 
disables the default gateway. 



Syntax 
Parameters 



ip in-path-gateway <destination addr> 



<destination addr> Specifies the destination (IP address) of the in-path gateway. 



Example minna (config) # ip in-path-gateway 10.0.0.0 

minna (config) # 



ip name-server 

Description Adds a DNS name server. The no command option removes a DNS name 
server. 

Syntax ip name-server <addr> 

Parameters 



<addr> 



Specifies the name server IP address. 



Example minna (config) # ip name-server 10.10.10.1 

minna (config) # 
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ip route 



Description Adds a static route. The no command option disables the static route. If no ip 
route command is called with no parameters, it removes all static routes. If it 
is called with only a network prefix and mask, it deletes all routes for that 
prefix. 

Syntax ip route <network prefix> <netmask> <next-hop-IP-addr> 

Parameters 



Example 



<network prefix> 


Specifies the network prefix. 


<netmask> 


Specifies the netmask. 


<next-hop-IP-addr> 


Specifies the next hop IP address. 


minna (config) # 


ip route 193.166.0/24 10.10.10.1 


minna (config) # 





license delete 

Description Deletes the specified license key. 
Syntax license delete <number> 

Parameters 



<number> 



Specifies the license key to delete. 



Example minna (config) # license delete SH10_B-0000-l-7F14-FClF 

minna (config) # 



license install 

Description Installs a new software license key. 
Syntax license install <license key> 

Parameters 



<license key> Specifies the license key. 



Example minna (config) # license install SH10_B-0000-l-7F14-FClF 

minna (config) # 



limit bandwidth max 

Description Enables bandwidth thresholds on the specified interface at the specified 
speed. The no command option disables the bandwidth thresholds. 



4 Configuration-Mode Commands 



Syntax 
Parameters 



limit bandwidth max <interface> <kbps> 



<interface> 



Specifies the interface: WAN or primary. 



4^ 

o 



<kbps> 



Specifies the bandwidth in kbps. 



Example minna (config) # limit bandwidth max 500 

minna (config) # 



logging 

Description Adds a remote syslog server to the system. The no command option removes 
a remote syslog server from the system. 

Syntax logging <hostname> trap <log level> 

Parameters 
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Example 



<hostname> 



Specifies the hostname for the syslog server. 



trap <log level> Specifies the trap log level of the syslog server. If you have set 
different log levels for each remote syslog server, this command 
changes all remote syslog servers to have a single log level. 



minna (config) # logging minna 
minna (config) # 



logging files delete 

Description Deletes a specified number of log files. 
Syntax logging files delete [oldest <number>] 

Parameters 



Example 



oldest <number> Deletes the oldest log files. Specifies the number of log files to 
delete. The range is 1-10. 

minna (config) # logging files delete oldest 10 
minna (config) # 



logging files rotation criteria frequency 

Description Sets the frequency of log rotation. The default value is Weekly. 
Syntax logging files rotation criteria frequency <frequency> 
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Parameters 



<frequency> Specifies how often log rotation occurs: weekly, daily, hourly. 

Example minna (config) # logging files rotation criteria frequency weekly 

minna (config) # 



logging files rotation criteria size 

Description Sets the size, in MB, of the log file before rotation occurs. The default value is 
0 (unlimited). 

Syntax logging files rotation criteria size <size> 

Parameters 



Example 



<size> 



Specifies the size of the log file to save in MB. 



minna (config) # logging files rotation criteria size 100 
minna (config) # 



logging files rotation force 

Description Rotates logs immediately. 
Syntax logging files rotation force 

Parameters None 

Example minna (config) # logging files rotation force 

minna (config) # 



logging files rotation max-num 

Description Sets the maximum number of log files to keep locally. The default value is 10. 

Syntax logging files rotation max-num <number> 

Parameters 

<number> Specifies the number of log files to keep locally. The range is 1-100. 



Example 



minna (config) # logging files rotation max-num 10 
minna (config) # 



4 Configuration-Mode Commands 



logging local 

Description Sets the minimum severity for messages sent to the local syslog servers. The 
default value is none. The no command option sets the severity level for 
logging to none (no logs are sent). 

Syntax logging local <loglevel> 

Parameters 

<loglevel> Specifies the logging severity level. The follow severity levels are 

supported: 

• emerg. Emergency, the system is unusable. 

• alert. Action must be taken immediately. 

• crit. Critical conditions. 

• err. Error conditions. 

• warning. Warning conditions. 

• notice. Normal but significant condition. 

• info. Informational messages. 

• debug. Debug-level messages. 

Example minna (config) # logging local notice 

minna (config) # 

logging trap 

Description Sets the minimum severity for messages sent to the remote syslog servers. 

The default value is none. The no command option sets the severity level for 
logging to none. 

Syntax logging trap <loglevel> 

Parameters 

<loglevel> Specifies the logging severity level. The following levels are 

supported: 

• emerg. Emergency, the system is unusable. 

• alert. Action must be taken immediately. 

• crit. Critical conditions. 

• err. Error conditions. 

• warning. Warning conditions. 

• notice. Normal but significant condition. 

• info. Informational messages. 

• debug. Debug-level messages. 

Example minna (config) # logging trap notice 

minna (config) # 
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ntpdate 



Description Conducts a single time synchronization with a specified Network Time 
Protocol (NTP) server. 



Syntax 
Parameters 

Example 



ntpdate <addr> 



<addr> 



Specifies the NTP server with which to synchronize. 



minna (config) # ntpdate 10.10.10.1 
minna (config) # 



ntp disable 

Description Disables NTP support. The no command option enables NTP support. 
Syntax ntp disable 

Parameters None 

Example minna (config) # ntp disable 

minna (config) # 

ntp enable 

Description Enables NTP support. The no command option disables NTP support. 
Syntax ntp enable 

Parameters None 

Example minna (config) # ntp enable 

minna (config) # 



ntp peer 

Description Enables an NTP peer. The no command option disables an NTP peer. 

Syntax ntp peer <addr> [version <number>] 

Parameters 



<addr> 



Specifies the NTP peer IP address. 



version <number> Specifies the NTP version number. You do not need to specify 
the version number for the no ntp peer command. 



4 Configuration-Mode Commands 



Example minna (config) # ntp peer 10.10.10.1 

minna (config) # 



ntp server 

Description Configures an NTP server. The no command option removes an NTP server. 

Syntax ntp server <addr> [version <number>] 

Parameters 
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<addr> 



Specifies the NTP server with which to synchronize. 



version <number> Specifies the version number for NTP. You do not need to 
specify the version number for the no ntp server command. 



Example minna (config) # ntp server 10.10.10.1 

minna (config) # 



out-of-path enable 

Description Enables out-of-path configuration. The default value is false. The no 

command option disables out-of-path configuration. 

Syntax out-of-path enable 

Parameters None 

Example minna (config) # out-of-path enable 

minna (config) # 



out-of-path port 

Description Sets the out-of-path port. The default value is 7810. The no command option 
resets the out-of-path port to the default value. 

Syntax out-of-path port <port> 

Parameters 



<port> Specifies the out-of-path port number. 



Example minna (config) # out-of-path port 2125 

minna (config) # 
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protocol cifs disable write optimization 

Description Disables CIFS write-through. The no command option enables CIFS write- 
through. 

Syntax protocol cifs disable write optimization 

Parameters None 

Example minna (config) # protocol cifs disable write optimization 

minna (config) # 

protocol cifs prepop enable 

Description Enables CIFS transparent prepopulation. The no command option disables 
transparent prepopulation. 

Syntax protocol cifs prepop enable 

Parameters None 

Example minna (config) # protocol cifs prepop enable 

minna (config) # 



protocol cifs secure-sig-opt enable 

Description Disables SecuritySignature negotiations between a Windows client and the 
server. By default the Secure-CIFS feature is disabled. For detailed 
information about disabling Windows security signing, see the HP 

StorageWorks Enterprise File Services WAN Accelerator Installation and 
Configuration Guide. 

When a Windows server is set to SecuritySignatureEnable, the HP EFS WAN 
Accelerator stops CIFS optimizations but continues performing SDR 
optimizations. When the HP EFS WAN Accelerator command secure-sig-opt 
is set to enable, the HP EFS WAN Accelerator appliance continues perform 
CIFS optimizations for connections even when the SecuritySignatureEnable 
setting is specified. (The HP EFS WAN Accelerator does not continue to 
optimize traffic if the SecuritySignatureRequired setting is specified on the 
server.) 

Syntax protocol cifs secure-sig-opt enable 

Parameters None 

Example minna (config) # protocol cifs disable write optimization 

minna (config) # 



4 Configuration-Mode Commands 



protocol mapi nspi 



Description Sets the Name Service Provider Interface (NSPI) port. In certain situations (for 
example, clients connecting through a firewall), you might want to force a 
server to listen on a single pre-defined port so that access to ports can be 
controlled or locked down on the firewall. 

Syntax protocol mapi nspi <port> 

Parameters 
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<port> 



Specifies the incoming NSPI port number. 



Example minna (config) # protocol mapi nspi port 2125 

minna (config) # 



protocol mapi port 

Description Sets the incoming Mail Application Programming Interface (MAPI) port. The 
default value is 7830. The no command option resets the MAPI port to the 
default value. 



Syntax 
Parameters 



protocol mapi port <port> 



<port> Specifies the incoming MAPI port number. 



Example minna (config) # protocol mapi port 2125 

minna (config) # 

protocol mapi prepop enable 

Description Enables MAPI prepopulation support. Transparent prepopulation allows 

mail data to be delivered between the Exchange server and the client-side HP 
EFS WAN Accelerator while the Outlook client is offline. When a user logs 
into their MAPI client, the mail bits are already waiting in the client-side HP 
EFS WAN Accelerator and can be retrieved locally. The no protocol mapi 
prepop enable command option disables MAPI prepopulation support. 

Syntax protocol mapi prepop enable 

[max-connections <number> | poll-interval <minutes> | timeout 
<seconds>] 
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Parameters 



enable 


Enables MAPI prepopulation support. 


max-connections 


Specifies the maximum number of connections to enable. 


<number> 


poll-interval 


Specifies the polling interval in minutes. 


<minutes> 




timeout <seconds> 


Specifies the time out period in seconds. 



Example minna (config) # protocol mapi prepop enable 

minna (config) # 



qos port dscp 

Description Sets the Quality of Service (QoS) Differentiated Services Code Point (DSCP) 
levels for the specified port. The no command option disables QoS settings. 

Syntax qos port <port> dscp <level> 

Parameters 



<port> 


Specifies the port on which to monitor. 


<level> 


Specifies the DSCP level (0-63). 



Example minna (config) # qos port 24 dscp 2 

minna (config) # 



radius-server host 

Description Adds a RADIUS server to the set of servers used for authentication. Some of 
the parameters given can override the configured global defaults for all 
RADIUS servers. 

Syntax radius-server host {host <hostname> | ip-address <ip address>} 

[auth-port <port-number> | timeout <seconds> | 
retransmit <retries> | key <string>] 



4 Configuration-Mode Commands 



Parameters 



hostname | IP 
address 



Specifies the RADIUS server host name or IP address. 



auth-port <port> 



key <keynumber> 



Specifies the authorization port number. The default value is 
1812. 

Sets the shared secret text string used to communicate with 
any RADIUS server. 

retransmit <number> Specifies the number of times the client attempts to 

authenticate with any RADIUS server. The default value is 1. 
The range is 0-5. To disable retransmissions set it to 0. 



timeout <seconds> 



Sets the timeout for retransmitting a request to any RADIUS 
server. The range is 1-60. The default value is 3. 



O 
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Usage The same IP address can be used in more than one radius-server host 

command if the auth-port value is different for each. The auth-port value is a 
UDP port number. The auth-port value must be specified immediately after 
the hostname option (if present). 

If no radius-server host {hostname | ip-address} is specified, all radius 
configurations for the host are deleted. The no radius-server host {hostname 
| ip-address} auth-port {port} command can be specified to refine which host 
is deleted, as the previous command deletes all RADIUS servers with the 
specified IP address. 

RADIUS servers are tried in the order they are configured. 

Example minna (config) # radius-server host 10.0.0.0 key XXXX retransmit 3 

timeout 10 
minna (config) # 



radius-server key 

Description Sets the shared secret text string used to communicate with a RADIUS server. 

This command can be overridden using the radius-server host command. 
The no command option resets the key to the default value. 

Syntax radius-server key <string>] 

Parameters 



<string> Sets the shared secret text string used to communicate with 

any RADIUS server. 



Example minna (config) # radius-server key XYZ 

minna (config) # 
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radius-server retransmit 



Description Specifies the number of times the client attempts to authenticate with any 
RADIUS server. This command can be overridden in a radius-server host 
command. The no command option resets the value to the default value. 



Syntax 
Parameters 



radius-server retransmit <retries> 



<retries> 



Specifies the number of times the client attempts to 
authenticate with any RADIUS server. The range is 0-5. The 
default value is 1. 



Example minna (config) # radius-server retransmit 5 

minna (config) # 



radius-server timeout 

Description Sets the timeout for retransmitting a request to any RADIUS server. The 

range is 1-60. The default value is 3. This command can be overridden in a 
radius-server host command. The no command option resets the value to the 
default value. 

Syntax radius-server timeout <seconds>] 

Parameters 



<seconds> Sets the timeout for retransmitting a request to any RADIUS 

server. The range is 1-60. The default value is 3. 



Example minna (config) # radius-server timeout 3 0 

minna (config) # 



segstore receive port 

Description Receives the data store from another HP EFS WAN Accelerator. The failover 
HP EFS WAN Accelerator must be the same model. You cannot preload a 
data store on a non-failover-buddy appliance. 

Syntax segstore receive port <port> 

Parameters 



<port> Specifies the port number. 



Example minna (config) # segstore receive port 2 0 

minna (config) # 



4 Configuration-Mode Commands 



segstore send addr 



Description Sends the data store to another HP EFS WAN Accelerator. The other HP EFS 
WAN Accelerator must be the same model. You cannot preload a data store 
on a non-failover-buddy appliance. 

Syntax segstore send addr <addr> [port <port>] 

Parameters 
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Example 



<addr> Specifies the IP address, 

port <port> Specifies the port number. 



minna (config) # segstore send addr 10.10.10.1 
minna (config) # 



service authentication secret 

Description Enables authentication between HP EFS WAN Accelerators. The HP EFS 
WAN Accelerator uses a modified version of the Challenge Handshake 
Authentication Protocol (CHAP). There are shared secrets that the HP EFS 
WAN Accelerator uses to form responses to challenges. The secrets are 
strings of data that the HP EFS WAN Accelerators on each side of the 
network know but do not actually transfer. 

You can set secrets to be the same on all participating appliances and enable 
them to authenticate peers: 

♦ Appliancel: secretl (client) = Foo, secret2 (server) = bar, enable = false 

♦ Appliance2: secretl (client) = Foo, secret2 (server) = bar, enable = true 

♦ Appliance3: secretl (client) = Foo, secret2 (server) = bar, enable = true 

Appliancel is authenticated when connecting to Appliance2, but not when 
Appliance3 connects to it. Typically, you will authenticate all the HP EFS 
WAN Accelerators or none. 



Syntax 



There are two secrets available to you: 

♦ Client (Secretl). Authenticate peers that are connected to your appliance. 

♦ Server (Secret2). Authenticate peers that your appliance is connected to. 

You must specify secrets on both your HP EFS WAN Accelerators for 
authentication to function properly. 

For optimum security, the secrets must be at least 16 bytes (this is not 
necessary for operation). The two secrets can be identical, but this decreases 
security. 

service authentication secret {client <secretl> server <secret2>} 
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Parameters 



Example 



client <secretl> Specifies the client machine password, 
server <secret2> Specifies the server machine password. 

minna (config) # service authentication secret client xxxyy server yyyxx 
minna (config) # 



service enable 

Description Starts the HP EFS WAN Accelerator service. 
Syntax service enable 

Parameters None 

Example minna (config) # service enable 

minna (config) # 

service error reset 

Description Resets the HP EFS WAN Accelerator service after a service error. 
Syntax service error reset 

Parameters None 

Example minna (config) # service error reset 

minna (config) # 



Description 

Syntax 
Parameters 

Example 



snmp-server community 

Enables an SNMP server community. The no command option disables an 
SNMP server community. 

snmp-server community <name> 



<name> 



Specifies the name of the SNMP server community. 



minna (config) # snmp-server community ReaDonLy 
minna (config) # 



4 Configuration-Mode Commands 



snmp-server contact 



Description Sets the SNMP server contact. The no command option disables the SNMP 
server contact. 

Syntax snmp-server contact <name> 

Parameters 

<name> Specifies the name of the SNMP server community contact. 

Example minna (config) # snmp-server contact john doe 

minna (config) # 

snmp-server enable 

Description Enables an SNMP server. The no command option disables the SNMP server 
or traps. 

Syntax snmp-server enable [traps] 

Parameters 

traps Enables SNMP traps. 

Example minna (config) # snmp-server enable 

minna (config) # 



snmp-server host 

Description Sets the SNMP server host, traps, and version. The no command option 
disables the SNMP server host. 
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Syntax snmp-server {host <hostname or IP address> traps <communitystring> 

traps version <versionnumber> <communityname>} 



<hostname or IP 


Specifies the host name or IP address for the SNMP server. 


address> 


traps 


Sets the SNMP trap on a community. 


<communitystring> 




traps version 


Specifies the SNMP trap version number and community 


<versionnumber> 


name. 


<communityname> 





Example minna (config) # snmp-server host minna 

minna (config) # 



HP EFS WAN Accelerator Command-Line Interface Reference Manual 



93 



snmp-server location 



Description Sets the SNMP server location. The no command option disables the SNMP 
server location. 

Syntax snmp-server location <addr> 

Parameters 



<addr> 



Specifies the location of the system. 



Example minna (config) # snmp-server location 10.10.10.1 

minna (config) # 



ssh server enable 

Description Enables an ssh server. The no command option disables the ssh server. 
Syntax ssh server enable 

Parameters None 

Example minna (config) # ssh server enable 

minna (config) # 

stats alarm 

Description Configure alarms based on sampled or computed statistics. The no command 
option disables all statistical alarms. The no stats alarm <type> enable 

command disables specific statistical alarms. 

Syntax stats alarm (<type> <options>} 

Parameters 



<type> 



<options> 



Specifies the following types of alarms: bypass (configures all states 
for alarms), cpu_util_ave, duplex_pri (primary), duplex_aux 
(auxiliary), duplex_lan (LAN), duplex_wan (WAN), halt_error, 
mismatch_peer (peer mismatch), paging (memory paging), 
service_error (HP EFS WAN Accelerator service error), 
store_corruption (data store corruption), and sw_version (software 
version mismatch). 

Specifies the following alarm options: 

• clear. Clears alarm settings. 

• enable. Enables alarm 

• rising. Sets rising threshold. 

• rising clear_threshold <amount>. Sets the threshold to clear 
rising alarm. 

• rising error_threshold <amount>. Sets threshold to trigger rising 
alarm. 



4 Configuration-Mode Commands 



Example 



minna (config) # stats alarm bypass enable 
minna (config) # 



stats chd 

Description Sets computed historical data points. 
Syntax stats chd <CHD ID> clear 

Parameters 
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<CHD ID> 



clear 



Specifies the specific data point: <CHD ID>, cpu_util, cpu_util_ave, 
cpu_util_day, duplex_aux, duplexjan, duplex_pri, duplex_wan, 
memory_day, paging, paging_day, rbt, rbt_day, rbt_month, 
rbt_week, rbtkernel, rbtkernel_day, rbtkernel_month, 
rbtkernel_week. 

Clears all data. 



Example minna (config) # stats chd rbt_month 

minna (config) # 



stats clear-all 

Description Clears all statistics. 
Syntax stats clear-all 

Parameters None 

Example minna (config) # stats clear-all 

minna (config) # 



stats sample 

Description Configure sampled statistics. 

Syntax stats sample {<type> clear | interval <seconds>} 

Parameters 



type Specifies the type of statistic: admission_conn, 

admission_mem, bypass, cpu_util, duplex_aux, duplex_lan, 
duplex_pri, duplex_ wan, halt_error, memory, 
mismatch_peer, paging, raid_error, raid_warning, rbt, 
rbt_kernel, service_error, store-corruption, sw-version. 

clear Clears all statistics for type. 

interval <seconds> Specifies the sampling interval for this set of samples. 
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Example minna (config) # stats bypass clear 

minna (config) # 



stats settings bandwidth 

Description Configure sampled statistics. 
Syntax stats settings bandwidth <port> 

Parameters 



<port> 



Specifies the port number. 



Example minna (config) # stats settings bandwidth 2727 

minna (config) # 



tacacs-server host 

Adds a TACACS+ server to the set of servers used for authentication. Some of 
the parameters given can override the configured global defaults for all 
TACACS+ servers. The no command option disables TACACS+ support. 

tacacs-server host {hostname <ip-address> | auth-port <port-number> | 
timeout <seconds> | retransmit <retries> | key <string>} 



Description 



Syntax 



Parameters 



hostname | IP 
address 

auth-port <port> 



key <keynumber> 



retransmit <number> 



timeout <seconds> 



Specifies the TACACS+ server host name or IP address. 



Specifies the authorization port number. The default value is 
49. 

Sets the shared secret text string used to communicate with 
any TACACS+ server. 

Specifies the number of times the client attempts to 
authenticate with any TACACS+ server. The default value is 
1. The range is 0-5. To disable retransmissions set it to 0. 

Sets the timeout for retransmitting a request to any 
TACACS+ server. The range is 1-60. The default value is 3. 



Usage The same IP address can be used in more than one tacacs-server host 

command if the auth-port value is different for each. The auth-port value is a 
UDP port number. The auth-port value must be specified immediately after 
the hostname option (if present). 

If no tacacs-server host {hostname | ip-address} is specified, all radius 
configurations for this host are deleted. The no tacacs-server host {hostname 
| ip-address} auth-port {port} command can be specified to refine which host 
is deleted, as the previous command deletes all RADIUS servers with the 
specified IP address. 



4 Configuration-Mode Commands 



TACACS+ servers are tried in the order they are configured. 



Example minna (config) # tacacs-server host 10.0.0.0 

minna (config) # 



tacacs-server key 

Description Sets the shared secret text string used to communicate with any TACACS+ 
server. This command can be overridden using the tacacs-server host 
command. The no command option resets the value to the default value. 

Syntax tacacs-server key <string> 

Parameters 
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<string> Sets the shared secret text string used to communicate with 

any TACACS+ server. 

Example minna (config) # tacacs-server key XYZ 

minna (config) # 



tacacs-server retransmit 



Description 

Syntax 
Parameters 



Specifies the number of times the client attempts to authenticate with any 
TACACS+ server. The default value is 1. The range is 0-5. To disable 
retransmissions set it to 0. This command can be overridden in a tacacs-server 
host command. The no command option resets the value to the default value. 

tacacs-server retransmit <retries> 



<retries> Specifies the number of times the client attempts to 

authenticate with any TACACS+ server. The range is 0-5. The 
default value is 1. 



Example minna (config) # tacacs-server retransmit 

minna (config) # 



tacacs-server timeout 

Description Sets the timeout for retransmitting a request to any TACACS+ server. This 
command can be overridden in a tacacs-server host command. The no 
command option resets the value to the default value. 

Syntax tacacs-server timeout <seconds> 
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Parameters 



<seconds> Sets the timeout for retransmitting a request to any TACACS+ 

server. The range is 1-60. The default value is 3. 



Example minna (config) # tacacs-server timeout 3 0 

minna (config) # 

terminal 

Description Configures terminal display. 

Syntax terminal {auto-resize | length <number> | width <number>} 

Parameters 



auto-resize 


Automatically determines the size of the terminal. 


length <number> 


Specifies the number of lines for the terminal. 


width <number> 


Specifies the terminal width in characters. 



Example minna (config) # stats settings connection rtt 500 

minna (config) # 

username disable 

Description Disables the account so that no one can log in with any password. The no 
command option re-enables the specified user account. To re-enable the 
account, you must set a password for it. 

Syntax username <userid> disable 

Parameters 

<userid> Specifies the user login: admin or monitor. 



Example minna (config) # username monitor disable 

minna (config) # 

username nopassword 

Description Disables password protection for a user. The no command option re-enables 
the specified user account. 

Syntax username <userid> nopassword 

Parameters 

<userid> Specifies the user login: admin or monitor. 



4 Configuration-Mode Commands 



Example minna (config) # username monitor nopassword 

minna (config) # 



username password 

Description Sets the password for the specified user. The password must be a minimum 
of 6 characters. The password is returned in cleartext format on the command 
line. 

Syntax username <userid> password <cleartext> 

Parameters 
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<userid> 



Specifies the user login: admin or monitor. 



<cleartext> Specifies the password. The password must be a least of 6 

characters. 



Example minna (config) # username admin password xyzzzZ 

minna (config) # 



username password 0 

Description Sets the password for the specified user. The password must be a minimum 
of 6 characters.The password is returned in cleartext format on the command 
line. 



Syntax 
Parameters 



username <userid> password 0 <password> 



<userid> 



Specifies the user login: admin or monitor. 



<password> Specifies the password. The password must be a minimum of 6 
characters. 



Example minna (config) # username admin password 0 xyzzzZ 

minna (config) # 



username password 7 

Description Sets the password for the specified user. The password must be a minimum 
of 6 characters. The password is returned in encrypted format on the 
command line. 



Syntax 



username <userid> password 7 <password> 
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Parameters 



<userid> 



Specifies the user login: admin or monitor. 



<password> Specifies the password. The password must be a minimum of 6 
characters. 



Example minna (config) # username admin password 7 xyzzzZ 

minna (config) # 



username password cleartext 

Description Sets the password for the specified user. The password must be a minimum 
of 6 characters. The password is returned in cleartext format on the command 
line. 



Syntax 
Parameters 



username <userid> password cleartext <password> 



<userid> 



Specifies the user login: admin or monitor. 



<password> Specifies the password. The password must be a minimum of 6 
characters. 

Example minna (config) # username admin password cleartext xyzzzZ 

minna (config) # 



username password encrypted 

Description Sets the password for the specified user. The password must be a minimum 
of 6 characters. The password is returned in encrypted format on the 
command line. 

Syntax username <userid> password encrypted <password> 

Parameters 



<userid> 



Specifies the user login: admin or monitor. 



<password> Specifies the password. The password must be a minimum of 6 
characters. 



Example minna (config) # username admin password encrypted xyzzzZ 

minna ( config) # 
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4 Configuration-Mode Commands 



username privilege 



Description Creates a user account for RADIUS or TACACS+ authentication. The admin 
and monitor users are not be allowed to be created, modified, or deleted. The 
<userid> parameter is a text string that is a valid username (for example, 
monitor or admin). A user ID is chosen by the system (for example, starting 
atl001+). 



Syntax 
Parameters 



username <userid> privilege <privilege_level> 



<userid> Specifies the user login: admin or monitor. 

<privilege_level> Specifies the maximum level the user can reach. There are two 
levels: 7 and 15. Level 7 corresponds to enable mode privileges 
(monitor user) and level 15 corresponds to configuration mode 
privilege (admin user). 

Example minna (conf ig) # username admin privilege 15 

minna (conf ig) # 



weep enable 

Description Enables Web Cache Communication Protocol (WCCP) support. WCCP 
establishes and maintains the transparent redirection of selected types of 
traffic flowing through a group of routers. The selected traffic is redirected to 
a group of routers to reduce resource usage and lowering response times. The 
no command option disables WCCP support. For detailed information about 
configuring WCCP, see Appendix A, "Configuring WCCP." 

Syntax weep enable 

Parameters None 

Example minna (config) # weep enable 

minna (config) # 



weep mcast-ttl 



Description 

Syntax 
Parameters 



Sets the multicast time to live (TTL) parameter for WCCP. The TTL 
determines the range over which a multicast packet is propagated in your 
intranet. For detailed information about configuring WCCP, see Appendix A, 
"Configuring WCCP." 

weep mcast-ttl <value> 



<value> 



Specifies the multicast-ttl value. 
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Example minna (config) # weep mcast-ttl 10 

minna (config) # 



weep service group 

Description Enables a WCCP service group. WCCP enables you to redirect traffic through 
the HP EFS WAN Accelerator that is out-of-path to ensure that traffic is 
optimized. For detailed information about configuring WCCP, see Appendix 
A, "Configuring WCCP." 



NOTE: The following section assumes you are familiar with WCCP. For detailed 
information about WCCP, see the Cisco documentation website at 
http://www.cisco.com/univercd/home/home.htm. 



To enable WCCP, the HP EFS WAN Accelerator must join a service group at 
the router. A service group is a group of routers and HP EFS WAN 
Accelerators which define the traffic to redirect, and the routers and HP EFS 
WAN Accelerators the traffic goes through. 

To enable failover support with WCCP groups, define the service group 
weight to be 0 on the backup HP EFS WAN Accelerator. If one HP EFS WAN 
Accelerator has a weight 0, but another one has a non-zero weight, the HP EFS 
WAN Accelerator with weight 0 does not receive any redirected traffic. If all 
the HP EFS WAN Accelerators have a weight 0, the traffic is redirected equally 
among them. 

If the source or destination flags are set, the router redirects only the TCP 
traffic that matches the source or destination ports specified. 

Syntax weep service group j<service ID> router <ip_address>} | 

[flags <comma_separated_list> | 
priority <priority_number> | 
ports <comma separated list of up to 7 ports> | 
password <string> | 
weight <value> | 
encap_scheme <string>] 
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Parameters 



service group Specifies the service group ID is a number from 0 to 255, 

<service ID> identifying a particular service group. The service group ID is 

the number that is set on the router. A value of 0 specifies the 

standard http service group. 

router 

<ip_address> 



The router IP is multicast group IP address or a unicast router 
IP address. A total of 32 routers can be specified. 

Specifies the combination of src-ip-hash, dst-ip-hash, src-port- 
hash, dst-port-hash, ports-dest, ports-source that define the 
fields the router hash on. 

Specifies a comma separated list of up to 7 ports that the router 
redirects traffic to. Use only if ports-dest or ports-source 
service flag is set. 

priority <priority- Specifies the WCCP priority for traffic redirection. If a 
number> connection matches multiple service groups on a router, the 

router chooses the service group with the highest priority. The 

range is 0-255. The default value is 200. 



flags <hash-bit- 
identifier> 



ports 

<portnumber> 



password <string> 



weight <value> 



encap_scheme 
<string> 



Specifies the WCCP password. This password must be the 
same as the password on the router. (WCCP requires that all 
routers in a service group have the same password.) Passwords 
are limited to 8 characters. 

The weight determines how often the traffic is redirected to a 
particular HP EFS WAN Accelerator. A higher weight redirects 
more traffic to that HP EFS WAN Accelerator. The ratio of 
traffic redirected to an HP EFS WAN Accelerator is equal to its 
weight divided by the sum of the weights of all the HP EFS 
WAN Accelerators in the same service group. For example, if 
there are 2 HP EFS WAN Accelerators in a service group and 
one has a weight of 100 and the other has a weight of 200, the 
one with the weight 100 receives 1 /3 of the traffic and the other 
receives 2/3 of the traffic. The range is 0-65535. The default 
value corresponds to the HP EFS WAN Accelerator model (for 
example, for the Model DL380-5010 the default value is 5010; 
for the Model DL320-2010 the default value is 2010). 

Specifies the traffic forwarding and redirection scheme: 
Generic Routing Encapsulation (gre) or Layer-2 (12) redirection. 
The either value uses Layer-2 first — if Layer-2 is not supported, 
gre is tried. 



O 
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Example minna (config) # weep 999 router 10.0.0.0 

minna (config) # 



web auto-logout 

Description Sets the number of minutes before the HP EFS WAN Accelerator 

Management Console automatically logs out the user. The default value is 15 
minutes. The no command option disables the automatic log out feature. 

Syntax web auto-logout <minutes> 
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Parameters 



<minutes> Specifies the number of minutes before the system automatically 

logs out the user. 

Example minna (config) # web auto-logout 20 

minna (config) # 



web enable 

Description Enables the HP EFS WAN Accelerator Management Console. The default 

value is true. The no command option disables the HP EFS WAN Accelerator 
Management Console. 

Syntax web enable 

Parameters None 

Example minna (config) # web enable 

minna (config) # 



web http enable 

Description Enables the Hyper Text Transfer Protocol (HTTP). The default value is true. 

The no command option disables the HP EFS WAN Accelerator Management 
Console. 

Syntax web http enable 

Parameters None 

Example minna (config) # web http enable 

minna (config) # 



Description 

Syntax 
Parameters 



web http port 

Sets the web port. The default value is 80. The no command option resets the 
web port to the default value. 

web http port <port> 



<port> Specifies the port number. 



Example minna (config) # web http port 8080 

minna (config) # 
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web https enable 



Description 

Syntax 

Parameters 
Example 

Description 

Syntax 
Parameters 

Example 

Description 

Syntax 
Parameters 

Example 

Description 
Syntax 



Sets the secure web. The no command option disables secure port support. 



None 

minna (config) # web https enable 
minna (config) # 



web https port 

Sets the secure web port. The no command option disables support on a 
secure port. 

web https port <port> 



<port> Specifies the port number. 

minna (config) # web https port 8080 
minna (config) # 



web session renewal 

Sets the session renewal time. The time duration before the web session 
timeout at which if a web request comes in (that is, user activity), the web 
session is automatically renewed. The default value is 10 minutes. The no 
command option resets the session renewal time to the default value. 

web https renewal <minutes> 



web https enable 0 
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<minutes> Specifies the number of minutes. 



minna (config) # web session renewal 5 
minna (config) # 



web session timeout 

Sets the session timeout value. This is the amount of time the cookie is active. 
The default value is 60 minutes. The no command option resets the session 
timeout to the default value. 

web session timeout <minutes> 
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Parameters 



Example 



<minutes> Specifies the number of minutes. 



minna (config) # web session timeout 12 0 
minna (config) # 



write memory 

Description Saves the current configuration settings to memory. 
Syntax write memory 

Parameters None 

Example minna (config) # write memory 

minna (config) # 



write terminal 

Description Display commands to recreate current running configuration. 
Syntax write terminal 

Parameters None 



Example 



minna (config) # write terminal 
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4 Configuration-Mode Commands 



Configuring WCCP 



In This Appendix This appendix describes how to use the Web Cache Communication Protocol 

(WCCP) to redirect traffic to an HP EFS WAN Accelerator or group of HP EFS 
WAN Accelerators. It contains the following sections: 

♦ "Overview," next 

♦ "A Basic WCCP Configuration" on page 110 

♦ "Advanced WCCP Features" on page 113 

♦ "Troubleshooting" on page 115 



Overview 

WCCP was originally implemented on Cisco routers, multi-layer switches, 
and Web caches to redirect HTTP requests to local Web caches (Version 1). 
Version 2, which is implemented on HP EFS WAN Accelerators, can redirect 
any type of connection from multiple routers or Web caches. 

You configure WCCP to redirect traffic to an HP EFS WAN Accelerator or 
group of HP EFS WAN Accelerators that are out-of-path while still optimizing 
traffic on the client-side. With WCCP, you can also load-balance traffic and 
provide failover support. 

You configure WCCP on the client-side HP EFS WAN Accelerator; the server- 
side HP EFS WAN Accelerator is configured as an out-of-path device. 
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HOW DoeS The following basic steps describe how WCCP works with the HP EFS WAN 

WCCP Work? Accelerator: 



1. Routers and HP EFS WAN Accelerators are added to the service group. 

2. Routers announce themselves to the HP EFS WAN Accelerators. 

3. Routers send back the state of the service group. 

4. One HP EFS WAN Accelerator takes a leadership role and tells the routers 
how to redirect traffic. 

The HP EFS WAN Accelerators use the following methods to communicate 
with routers: 

♦ Unicast (UDP Packets). The HP EFS WAN Accelerator is configured with 
the IP address of each router. If the router configuration is changed, each 
HP EFS WAN Accelerator must also be changed. 

♦ Multicast. The HP EFS WAN Accelerator is configured with a multicast 
group. If the router is changed, the HP EFS WAN Accelerator does not 
need to be reconfigured. 

All traffic is redirected by default. You can configure specific source and 
destination ports to be redirected. For detailed information, see "TCP Ports 
Redirection" on page 114. 

For other types of redirection such as IP address, you configure Access Control 
Lists (ACLs) on the routers and add it to the service group. For detailed 
information, see "Specific Traffic Redirection" on page 114. 

Traffic is redirected using one of the following schemes: 

♦ gre (Generic Routing Encapsulation). Each data packet is encapsulated 
in a GRE packet with the HP EFS WAN Accelerator IP address configured 
as the destination. This scheme is applicable to any network. 

♦ 12 (Layer-2). Each packet MAC address is rewritten with an HP EFS WAN 
Accelerator MAC address. This scheme is possible only if the HP EFS 
WAN Accelerator is connected to a router at Layer-2. 

♦ either. The either value uses 12 (Layer-) first — if Layer-2 is not supported, 
gre is tried. 

You can load-balance using WCCP. Traffic is redirected based on a hashing 
scheme and the weight of the HP EFS WAN Accelerators. You can hash on a 
combination of the source IP address, destination IP address, source port, or 
destination port. The default weight is based on the HP EFS WAN Accelerator 
model number (for example, for the Model DL380-5010 the weight would be 
5010). You can modify the default weight. For detailed information, see "Load 
Balancing" on page 114. 
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You can also provide failover support using WCCP. In a failover 
configuration, the HP EFS WAN Accelerators periodically announce 
themselves to the routers. If an HP EFS WAN Accelerator fails, traffic is 
redirected to the working HP EFS WAN Accelerators. To enable failover 
support, you simply configure the weight for the backup HP EFS WAN 
Accelerator to be 0. For detailed information, see "Failover Support" on 
page 115. 



Basic Steps The following are the basic steps for configuring WCCP. 

1. Create a service group on the router. 

2. Attach the HP EFS WAN Accelerator WAN interface to the network. 

3. Configure the HP EFS WAN Accelerator to be an in-path device with 
WCCP support. For example, the CLI command: in-path client-oop 
enable. 

4. Add fixed target, in-path rules to reach the server-side HP EFS WAN 
Accelerator. 

5. Add and configure the service group on the HP EFS WAN Accelerator. 



WCCP 
Commands 



This section summarizes the WCCP commands. For detailed information, see 
the Chapter 4, "Configuration-Mode Commands." 

♦ To enable WCCP: 

SH (config) # weep enable 

♦ To disable WCCP: 

SH (config) # no weep enable 

♦ To specify the multicast Time To Live (ttl) value for WCCP: 

SH (config) # weep mcast-ttl 10 

♦ To configure a service group: 

SH (config) # weep service-group routers [flags ] [priority ] [ports ] 
[password ] [weight ] [encap_scheme ] 
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where 



service group Specifies the service group ID is a number from 0 to 255, 

<service ID> identifying a particular service group. The service group ID is 

the number that is set on the router. A value of 0 specifies the 

standard http service group. 

router The router IP is multicast group IP address or a unicast router 

<ip_address> IP address. A total of 32 routers can be specified. 

flags <hash-bit- Specifies the combination of src-ip-hash, dst-ip-hash, src-port- 
identifier> hash, dst-port-hash, ports-dest, ports-source that define the 

fields the router hash on. 

ports Specifies a comma separated list of up to 7 ports that the router 

<portnumber> redirects traffic to. Use only if ports-dest or ports-source 

service flag is set. 

priority <priority- Specifies the WCCP priority for traffic redirection. If a 
number> connection matches multiple service groups on a router, the 

router chooses the service group with the highest priority. The 

range is 0-255. The default value is 200. 

password <string> Specifies the WCCP password. This password must be the 

same as the password on the router. (WCCP requires that all 
routers in a service group have the same password.) Passwords 
are limited to 8 characters. 

weight <value> The weight determines how often the traffic is redirected to a 
particular HP EFS WAN Accelerator. A higher weight redirects 
more traffic to that HP EFS WAN Accelerator. The ratio of 
traffic redirected to an HP EFS WAN Accelerator is equal to its 
weight divided by the sum of the weights of all the HP EFS 
WAN Accelerators in the same service group. For example, if 
there are 2 HP EFS WAN Accelerators in a service group and 
one has a weight of 100 and the other has a weight of 200, the 
one with the weight 100 receives 1 /3 of the traffic and the other 
receives 2/3 of the traffic. The range is 0-65535. The default 
value corresponds to the HP EFS WAN Accelerator model (for 
example, for the Model DL380-5010 the default value is 5010; 
for the Model DL320-2010 the default value is 2010). 

encap_scheme Specifies the traffic forwarding and redirection scheme: gre 

<string> encapsulation (gre) or Layer-2 (12) redirection. The either value 

uses Layer-2 first — if Layer-2 is not supported, gre is tried. 



A Basic WCCP Configuration 

This section describes how to configure: 1 router, 1 WCCP HP EFS WAN 
Accelerator, and 1 subnet. 
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Figure A-1 . Basic WCCP Configuration 




WCCP HP StorageWorks 
EFS WAN Accelerator 



OOP HP StorageWorks 
EFS WAN Accelerator 



Connecting the 
HP EFS WAN 
Accelerator 



To set up an HP EFS WAN Accelerator for WCCP, the HP EFS WAN 
Accelerator WAN interface is connected to a switch or router (not necessarily 
the one configured for WCCP) that can reach the switch or router where 
WCCP is configured and where redirection will occur. 



IMPORTANT: When you connect to the WAN port on the HP EFS WAN Accelerator 
for WCCP, the LAN port no longer passes traffic. You cannot run the HP EFS WAN 
Accelerator in both in-path and client out-of-path mode. 



Configuring the 
WCCP Router or 
Multi-Layer 
Switch 



Before you configure the HP EFS WAN Accelerator, you enable your router for 
WCCP. You create a service group and attach it to the interface where you 
want packets to be redirected. 

In this example, we use unicast protocol messages between the router and the 
HP EFS WAN Accelerator and all traffic is redirected to the HP EFS WAN 
Accelerator (The HP EFS WAN Accelerator tells the router to redirect TCP 
traffic, and if configured on it, certain TCP ports.) 

The service group ID is 90 and the interface going towards the WAN is 
fastEthernetO/0. 



To configure the 
WCCP router 



At the system prompt, enter the following set of commands: 



Router> enable 
Router# configure terminal 
Router (config) # ip weep version 2 
Router (config) # ip weep 90 

Router (config) # interface fastEthernet 0/0 
Router (config-if) # ip weep 90 redirect out 
Router (config-if) # end 
Router# 



TIP: Enter configuration commands, one per line. End with CRTL-Z. 



The service group 90 must be defined and configured on the HP EFS WAN 
Accelerators. 
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Configuring the 
Client-Side HP 
EFS WAN 
Accelerator 



The HP EFS WAN Accelerator is configured as an out-of-path device on the 
client side and the service group (defined on the router) is added to it. 

In this example, the client-side, IP address is 10.1.0.2, its WAN router is 
10.1.0.1, and the server-side HP EFS WAN Accelerator, IP address is 10.2.0.2. 



To configure the HP 
EFS WAN Accelerator 
to be out-of-path 



1. Connect to the HP EFS WAN Accelerator CLI. For detailed information, 
see "Connecting to the Command-Line Interface" on page 17. 

2. At the system prompt, enter the following set of commands: 

client-SH > enable 

client-SH # configure terminal 

client-SH (config) # in-path enable 

client-SH (config) # in-path client-oop enable 

3. You must save your changes and reboot the appliance for your changes to 
take effect. At the system prompt, enter the following set of commands: 

client-SH (config) # interface in-path ip address 10.1.0.2 /16 

client-SH (config) # ip in-path-gateway 10.1.0.1 

client-SH (config) # write memory 

client-SH (config) # reload 



To add in-path rules to 
reach the out-of-path, 
server-side, HP EFS 
WAN Accelerator 



In this example, we configure the client HP EFS WAN Accelerator to optimize 
ports 135, 139, 445, 21 and 80 and to pass-through all other traffic. 

• At the system prompt, enter the following set of commands: 



client- 


-SH 


> enable 
















client- 


-SH 


# configure 


! terminal 










client- 


-SH 


(config) 


# 


in-path 


rule 


fixed-target 


port 


135 


target-addr 


10.2.0 


.2 


















client- 


-SH 


(config) 


# 


in-path 


rule 


fixed-target 


port 


139 


target-addr 


10.2.0 


.2 


















client- 


-SH 


(config) 


# 


in-path 


rule 


fixed-target 


port 


445 


target-addr 


10.2.0 


.2 


















client- 


-SH 


(config) 


# 


in-path 


rule 


fixed-target 


port 


21 


target-addr 


10.2.0 


.2 


















client- 


-SH 


(config) 


# 


in-path 


rule 


fixed-target 


port 


80 


target-addr 


10.2.0 


.2 


















client- 


-SH 


(config) 


# 


in-path 


rule 


pass-through 








client- 


-SH 


(config) 


# 


write memory 










client- 


-SH 


(config) 


# 


exit 













To add the WCCP 
service group to the 
HP EFS WAN 
Accelerator 



Now add the service group to the HP EFS WAN Accelerator so that the router 
starts redirecting packets. 

• At the system prompt, enter the following set of commands: 

client-SH > enable 

client-SH # configure terminal 

client-SH (config) # weep enable 

client-SH (config) # weep service-group 90 routers 10.1.0.1 
client-SH (config) # write memory 
client-SH (config) # exit 



This set of commands instructs the router to redirect all TCP traffic to the HP 
EFS WAN Accelerator. 
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Advanced WCCP Features 



This section describes the advanced features for WCCP. 



Security 



WCCP protocol messages can be authenticated between the router and the HP 
EFS WAN Accelerator using a password. The maximum password length is 7 
characters. 



To set the password 
for WCCP 



1. On the router, at the system prompt, enter the following command: 

Router (config) # ip weep 90 password <your_password> 



2. On the HP EFS WAN Accelerator, at the system prompt, enter the 
following command: 

client-SH (config) # weep service-group 90 routers 10.1.0.1 password 
<your_password> 



NOTE: The same password must be set on the HP EFS WAN Accelerator and the 
router. 



Multicast 



If you add multiple routers and HP EFS WAN Accelerators to a service group, 
you can configure them to exchange WCCP protocol messages through a 
multicast group. 



Configuring a multicast group is advantageous because if a new router is 
added, it does not need to be explicitly added on each HP EFS WAN 
Accelerator. 



To configure multicast 
groups on your router 



On your router, at the stem prompt, enter the following set of commands: 



Router> enable 

Router# configure terminal 

Router (config) # ip weep version 2 

Router (config) # ip weep 90 group-address 224.0.0.3 
Router (config) # interface fastEthernet 0/0 
Router (config-if) # ip weep 90 redirect out 
Router (config-if) # ip weep 90 group-listen 
Router (config-if ) # end 
Router* 



TIP: Enter configuration commands, one per line. End each command with CTRL-Z. 



To configure multicast 
groups on the HP EFS 
WAN Accelerator 



• On the client-side HP EFS WAN Accelerator, at the system prompt, enter 
the following set of commands. 

client-SH > enable 
client-SH # configure terminal 
client-SH (config) # weep enable 
client-SH (config) # weep mcast-ttl 10 

client-SH (config) # weep service-group 90 routers 224.0.0.3 
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client-SH (config) # write memory 
client-SH (config) # exit 



TCP PortS By default, all TCP ports are redirected, but the HP EFS WAN Accelerator can 

RGd i rGCtion ^ e conn g ure d to tell the router to redirect only certain TCP source or 

destination ports. A maximum of 7 ports can be specified per service groups. 



NOTE: You do not need to configure source and destination ports on the router. 



To configure TCP port • On the client-side HP EFS WAN Accelerator, at the system prompt, enter 
redirection the following command: 

client-SH (config) # weep service-group 90 routers 10.1.0.1 flags ports- 
destination ports 135,139,445,21,80 



Specific Traffic 
Redirection 



To configure specific 
traffic redirection on 
the router 



If redirection is based on traffic characteristics other than ports, Access Control 
Lists (ACLs) on the router can define what traffic is redirected. 

For example, if you only want the traffic destined for IP address 10.2.0.0/16 to 
be redirected to the HP EFS WAN Accelerator, you would configure the router 
in the following manner. 

• On the router, enter the following set of commands: 

Router> enable 

Router# configure terminal 

Router ( config) # ip weep version 2 

Router (config) # access-list 101 permit tcp any 10.2.0.0 255.255.0.0 

Router (config) # ip weep 90 redirect-list 101 

Router (config) # interface fastEthernet 0/0 

Router (config-if) # ip weep 90 redirect out 

Router (config-if) # end 

Router* 



TIP: Enter configuration commands, one per line. End each command with CTRL-Z. 



Load Balancing You can load-balance using WCCP. Traffic is redirected based on a hashing 

scheme and the weight of the HP EFS WAN Accelerators. You can hash on a 
combination of the source IP address, destination IP address, source port, or 
destination port. The default weight is based on the HP EFS WAN Accelerator 
model (for example, for the Model DL380-5010 the weight would be 5010). You 
can modify the default weight. 

For example, to configure load balancing, you change the hashing scheme to 
hash on a destination IP and port and specify a weight on the HP EFS WAN 
Accelerator. (You do not need to configure the router.) 

To change the hashing 1. On the client-side HP EFS WAN Accelerator, enter the following 

scheme and assign a command: 

weight 
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client-SH (config) # weep service-group 90 routers 10.1.0.1 flags dst- 
ip-hash, dst-port-hash 



2. To change the weight on the client-side HP EFS WAN Accelerator, enter 
the following command: 

client-SH (config) # weep service-group 90 routers 10.1.0.1 weight 20 



Failover 
Support 



You can also provide failover support using WCCP. In a failover 
configuration, the HP EFS WAN Accelerators periodically announce 
themselves to the routers. If an HP EFS WAN Accelerator fails, traffic is 
redirected to the working HP EFS WAN Accelerators. 

For example, instead of load balancing traffic between 2 HP EFS WAN 
Accelerators, you might want traffic to go to only 1 HP EFS WAN Accelerator 
and to failover to the other HP EFS WAN Accelerator if the first one fails. 



To configure failover support, you simply define the weight to be 0 on the 
backup HP EFS WAN Accelerator. For detailed information, see "WCCP 
Commands" on page 109. 



Troubleshooting 

You can check your WCCP configuration on the router and the HP EFS WAN 
Accelerator. 

• On the router, at the system prompt, enter the following set of commands: 

Router>en 

Router#show ip weep 
Router#show ip weep 90 detail 
Router#show ip weep 90 view 

You can trace WCCP packets and events on the router. 



To check the router 
configuration 



To trace weep packets 
and events on the 
router 



On the router, at the system prompt, enter the following set of commands: 



Router>en 

Router#debug ip weep events 
WCCP events debugging is on 
Router#debug ip weep packets 
WCCP packet info debugging is on 
Routerfterm mon 
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Configuring PBR 



In This Appendix This appendix describes how to use the Policy Based Routing (PBR) to redirect 

traffic to an HP EFS WAN Accelerator or group of HP EFS WAN Accelerators. 
It contains the following sections: 

♦ "PBR Overview," next 

♦ "Asymmetrical HP EFS WAN Accelerator Configurations With PBR" on 
page 118 

♦ "PBR Between VLANs" on page 121 

♦ "Symmetrical HP EFS WAN Accelerator Configurations With PBR" on 
page 122 

♦ "Troubleshooting" on page 125 



PBR Overview 

PBR is a router configuration that allows you to define policies to route packets 
instead of relying on routing protocols. It is enabled on an interface basis and 
packets coming into a PBR-enabled interface are checked to see if they match 
the defined policies. If they do match, the packets are applied the rule defined 
for the policy. If they do not match, they are routed based on the usual routing 
table. The rule can be to redirect the packets to a specific IP or interface as well 
as set certain fields in them like the precedence bits. 

You can use PBR on the client-side to redirect traffic to an HP EFS WAN 
Accelerator. 



IMPORTANT: PBR must be enabled on the interfaces where the client traffic is 
arriving, and disabled on the interface corresponding to the HP EFS WAN Accelerator, 
to avoid an infinite loop. (The HP EFS WAN Accelerator can bounce back the packets 
it receives either because it is not configured to optimize that traffic or its admission 
control is refusing new connections.) 
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On the server-side, the HP EFS WAN Accelerator is configured as in an out-of- 
path device, although it can also be configured with a PBR router with specific 
PBR rules. 

In all cases, the HP EFS WAN Accelerator that intercepts traffic redirected 
with PBR is configured with in-path support and Layer-4 switch support 
enabled. PBR policies can be based on the source or destination IP address, 
protocol, source port, or destination port. 



Asymmetrical HP EFS WAN Accelerator 
Configurations With PBR 

This section describes asymmetric HP EFS WAN Accelerator configurations 
with PBR. The examples in this section apply only if the clients are on one side 
of the WAN and are connecting to servers on the other side of the WAN. 

If the client-side HP EFS WAN Accelerator is on a different Layer-2 interface 
than the clients on the router where PBR is configured, PBR can be enabled on 
a Layer-2 interface basis, and redirect TCP traffic going to the server-side HP 
EFS WAN Accelerator. 



IMPORTANT: HP recommends you define a policy based on the source or destination 
IP and not on the TCP source or destination ports because certain protocols use 
dynamic ports instead of fixed ones such as Exchange and FTP. 



SinCjl^SubnGt, In this configuration, PBR is enabled on the interface of the client-side router 

CMGnt-SidG PBR connected to the Layer-2 switch that redirects traffic to the HP EFS WAN 

_ . Accelerator. 

Configuration 

** Figure 1 -2. Single Subnet, Client-Side, HP EFS WAN Accelerator Attached to a Router 
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The client-side router has interface fastEthernet 0/0 attached to the Layer-2 
switch and fastEthernetO/1 attached to the HP EFS WAN Accelerator. 

The server-side router has interface fastEthernetO/0 attached to the Layer-2 
switch. 



This example uses the following IP addresses: 
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♦ Client-side. Client=10.0.0.2/16, HP EFS WAN Accelerator=10.2.0.2/16, 
Router(fastEthernetO/0)=10.0.0.1/16, Router(fastEthernetO/l)=10.2.0.1/16 

♦ Server-side. Server=10.1.0.2/16, HP EFS WAN Accelerator=10.1.0.3/16, 
Router(fastEthernetO/0)=10.1.0.1/16 

The HP EFS WAN Accelerator is configured as a client-side, HP EFS WAN 
Accelerator in an in-path configuration with Layer-4 switch support. It must 
reach the remote network through the router from the in-path interface and a 
fixed-target in-path rule is defined for the remote out-of-path HP EFS WAN 
Accelerator. 



To configure the 1. Connect to the client-side HP EFS WAN Accelerator CLI. For detailed 

Client-side HP EFS information, see "Connecting to the Command-Line Interface" on page 17. 

WAN Accelerator 

2. On the client-side HP EFS WAN Accelerator, at the system prompt, enter 
the following set of commands: 

client-SH > enable 

client-SH # configure terminal 

client-SH (config) # in-path enable 

You must restart the service for your changes to take effect. 
client-SH (config) # in-path layer-4 enable 

client-SH (config) # interface in-path ip address 10.2.0.2 /16 
client-SH (config) # ip in-path-gateway 10.2.0.1 

client-SH (config) # in-path rule fixed-target addr 10.1.0.2/32 port 135 
target-addr 10.1.0.3 

client-SH (config) # in-path rule fixed-target addr 10.1.0.2/32 port 139 
target-addr 10.1.0.3 

client-SH (config) # in-path rule fixed-target addr 10.1.0.2/32 port 445 
target-addr 10.1.0.3 

client-SH (config) # in-path rule fixed-target addr 10.1.0.2/32 port 21 
target-addr 10.1.0.3 

client-SH (config) # in-path rule fixed-target addr 10.1.0.2/32 port 80 

target-addr 10.1.0.3 

client-SH (config) # write memory 

client-SH (config) # reload 



NOTE: You must save your changes and reboot the appliance for your changes to take 
effect. 



This configuration optimizes CIFS, Exchange, FTP, and HTTP traffic. 

To configure the • On the client-side router, at the system prompt, enter the following set of 

client-side router commands: 

Router#conf igure terminal 

Router (config) #access-list 101 permit tcp any 10.1.0.2 255.255.255.255 

Router (conf ig) iinterface fastEthernet 0/0 

Router (config-if) #ip address 10.0.0.1 255.255.0.0 

Router (config-if) #ip policy route-map TrafficToS 

Router (config-if) #exit 

Router (config) #route-map TrafficToS permit 10 

Router (conf ig-route-map) #match ip address 101 

Router (conf ig-route-map) #set ip next-hop 10.2.0.2 

Router (conf ig-route-map) #exit 

Router ( conf ig) iinterface fastEthernet 0/1 

Router (conf ig-if) #ip address 10.2.0.1 255.255.0.0 
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Router (conf ig-if ) #end 
Router# 



TIP: Enter configuration commands, one per line. End with CRTL-Z. 



The Access Control List (ACL) defines the matching criteria.The route-map 
defines the action corresponding to the matching criteria. The ip policy route- 
map command attaches a route-map to an interface. 

For detailed information about configuring Cisco routers for PBR, see http:// 

www.cisco.com/en/US/products/sw/iosswrel/psl831/ 

products_configuration_guide_chapter09186a00800c60d2.html#23550. 



Client-Side HP 
EFS WAN 
Accelerator 
Attached to 
Router through 
a Switch 



In this configuration, PBR is enabled on the interface of the client-side router 
connected to the Layer-2 switch that redirects traffic to the HP EFS WAN 
Accelerator. Communication between the client-side HP EFS WAN 
Accelerator and the clients must be through the client-side router. 

Figure 1-3. Client-Side HP EFS WAN Accelerator Attached to a Router through a 
Switch 
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The configuration steps are the same as "Single Subnet, Client-Side PBR 
Configuration" on page 118. 
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Client-Side HP 
EFS WAN 
Accelerator 
Attached to an 
Inside Router 



In this configuration, PBR is enabled on the router interface connected to the 
Layer-2 switch that redirects traffic to the HP EFS WAN Accelerator. The same 
PBR rules should not be enabled on the WAN router (or any other router on 
the way to the WAN). 

Figure 1-4. Client-Side HP EFS WAN Accelerator Attached to an Inside Router 
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The configuration steps are the same as "Single Subnet, Client-Side PBR 
Configuration" on page 118. (The configured router is the router to which the 
HP EFS WAN Accelerator is attached.) 



PBR Between VLANs 

If there is not a clear physical separation between the client and the HP EFS 
WAN Accelerator on the router where PBR is defined, you can use Virtual 
Local Area Networks (VLANs) to create a virtual separation. 

Figure 1-5. PBR Between VLANs 
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The HP EFS WAN Accelerator is configured in a different VLAN than the 
clients VLAN and PBR is enabled on the clients VLAN interface and disabled 
on the HP EFS WAN Accelerator VLAN interface. 



In this configuration, the HP EFS WAN Accelerator is attached to any Layer-2 
switch that the router can reach (even the same switch as the clients). VLAN 
trunking should be enabled between the Layer-2 switch and the PBR router 
(not on the link between the HP EFS WAN Accelerator and the switch). 

You reuse the same IP addresses as in the single subnet case and the router has 
2 VLAN interfaces on fastEthernetO/0. For details, see "Single Subnet, Client- 
Side PBR Configuration" on page 118. 
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To configure the HP The configuration is the same as in the single subnet case. For detailed 

EFS WAN Accelerator information, see "Single Subnet, Client-Side PBR Configuration" on page 118. 

With a different subnet configuration the route-map is attached to a VLAN 

interface instead of an ethernet interface. 



This example assumes that VLAN trunking is already configured on the 
Layer-2 switch and the router for the clients VLAN (VLAN1) and that the 
Layer-2 switch configuration for VLAN2 is already completed. 

To configure the Cisco 1. On the client-side router, at the system prompt, enter the following set of 
router commands: 

Router#conf igure terminal 

Router ( config) #interf ace fastEthernet 0/0.2 

Router ( config-subif ) #encapsulation dotlQ 2 

Router (conf ig-subif ) #ip address 10.2.0.1 255.255.0.0 

Router (config-subif) #exit 

Router (conf ig) #access-list 101 permit tcp any 10.1.0.2 255.255.255.255 

Router (conf ig) #interface fastEthernet 0/0.1 

Router (conf ig-subif ) iencapsulation dotlQ 1 

Router (conf ig-subif ) #ip address 10.0.0.1 255.255.0.0 

Router (conf ig-subif ) #ip policy route-map TrafficToS 

Router (config-subif) #exit 

Router ( conf ig) #route-map TrafficToS permit 10 
Router (conf ig-route-map) #match ip address 101 
Router (conf ig-route-map) #set ip next-hop 10.2.0.2 
Router (conf ig-route-map) #end 
Router# 



TIP: Enter configuration commands, one per line. End with CTRL-Z. 



Symmetrical HP EFS WAN Accelerator 
Configurations With PBR 

In the case where clients and servers are on both sides of the WAN, PBR can 
be configured on both sides with each router having the reversed rules of the 
other router. 

Figure 1-6. Symmetrical HP EFS WAN Accelerator Configurations with PBR 
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To configure the HP 
EFS WAN 
Accelerators 



For this example, assume that clients, servers, and HP EFS WAN Accelerators 
are all on a separate VLANs and the Layer-2 switch is attached to the router 
fastEthernetO/0 interface. This example uses the following IP addresses: 

♦ Left-side. Client=10.0.1.2/24, Server=10.0.2.2/24, HP EFS WAN 
Accelerator=10.0.3.2/24 

♦ Right-side. Client=10.1.1.2/24, Server=10.1.2.2/24, HP EFS WAN 
Accelerator=10.1.3.2/24 

Each router has an interface for each VLAN. 

1. On the left HP EFS WAN Accelerator, at the system prompt, enter the 
following set of commands: 

Left-SH > enable 

Left-SH # configure terminal 

Left-SH (config) # in-path enable 

You must restart the service for your changes to take effect. 
Left-SH (config) # in-path layer-4 enable 



CO 



3 
D 
c 

3J 



CO 



NOTE: You must save your changes and reboot the HP EFS WAN Accelerator for your 
changes to take effect. 



Left-SH (config) # interface in-path ip address 10.0.3.2 /24 
Left-SH (config) # ip in-path-gateway 10.0.3.1 

Left-SH (config) # in-path rule fixed-target addr 10.1.2.2/32 port 135 
target-addr 10.1.3.2 target-port 7800 

Left-SH (config) # in-path rule fixed-target addr 10.1.2.2/32 port 139 
target-addr 10.1.3.2 target-port 7800 

Left-SH (config) # in-path rule fixed-target addr 10.1.2.2/32 port 445 
target-addr 10.1.3.2 target-port 7800 

Left-SH (config) # in-path rule fixed-target addr 10.1.2.2/32 port 21 
target-addr 10.1.3.2 target-port 7800 

Left-SH (config) # in-path rule fixed-target addr 10.1.2.2/32 port 80 
target-addr 10.1.3.2 target-port 7800 
Left-SH (config) # write memory 
Left-SH (config) # reload 



2. On the right HP EFS WAN Accelerator, at the system prompt, enter the 
following set of commands: 

Right -SH > enable 

Right-SH # configure terminal 

Right-SH (config) # in-path enable 

You must restart the service for your changes to take effect. 
Right-SH (config) # in-path layer-4 enable 

You must save your changes and reboot the appliance for your changes to 
take effect. 

Right-SH (config) # interface in-path ip address 10.1.3.2 /24 
Right-SH (config) # ip in-path-gateway 10.1.3.1 

Right-SH (config) # in-path rule fixed-target addr 10.0.2.2/32 port 135 
target-addr 10.0.3.2 target-port 7800 

Right-SH (config) # in-path rule fixed-target addr 10.0.2.2/32 port 139 
target-addr 10.0.3.2 target-port 7800 

Right-SH (config) # in-path rule fixed-target addr 10.0.2.2/32 port 445 
target-addr 10.0.3.2 target-port 7800 

Right-SH (config) # in-path rule fixed-target addr 10.0.2.2/32 port 21 
target-addr 10.0.3.2 target-port 7800 
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Right-SH (config) # in-path rule fixed-target addr 10.0.2.2/32 port 80 
target-addr 10.0.3.2 target-port 7800 
Right-SH (config) # write memory 
Right-SH (config) # reload 

To configure a Cisco 1. On the left router, at the system prompt, enter the following commands: 

router 



TIP: Enter configuration commands, one per line; end with CTRL-Z. 



Router#conf igure terminal 

Enter configuration commands, one per line. End with CNTL/Z. 

Router (config) #interface fastEthernet 0/0.1 

Router ( conf ig-subif ) #encapsulation dotlQ 1 

Router (conf ig-subif ) #ip address 10.0.1.1 255.255.255.0 

Router (conf ig-subif ) #ip policy route-map Traf f icToRightS 

Router ( conf ig-subif ) #exit 

Router (conf ig) #interf ace fastEthernet 0/0.2 

Router (conf ig-subif ) #encapsulation dotlQ 2 

Router (conf ig-subif ) #ip address 10.0.2.1 255.255.255.0 

Router (conf ig-subif ) #ip policy route-map Traf f icFromLef tS 

Router ( conf ig-subif ) #exit 

Router (conf ig) #interf ace fastEthernet 0/0.3 

Router ( conf ig-subif ) #encapsulation dotlQ 3 

Router (conf ig-subif ) #ip address 10.0.3.1 255.255.255.0 

Router ( conf ig-subif ) #exit 

Router (conf ig) #access-list 101 permit tcp any 10.1.2.2 255.255.255.255 
Router (conf ig) #access-list 201 permit tcp 10.0.2.2 255.255.255.255 any 
Router (conf ig) #route-map Traf f icToRightS permit 10 
Router (conf ig-route-map) #match ip address 101 
Router (conf ig-route-map) #set ip next-hop 10.0.3.2 
Router (conf ig-route-map) #exit 

Router ( conf ig) #route-map Traf f icFromLef tS permit 10 
Router (conf ig-route-map) #match ip address 201 
Router (conf ig-route-map) #set ip next-hop 10.0.3.2 
Router (conf ig-route-map) #end 
Router* 

2. On the right router, at the system prompt, enter the following set of 
commands: 

Router#conf igure terminal 

Router (conf ig) #interface fastEthernet 0/0.1 

Router (conf ig-subif ) #encapsulation dotlQ 1 

Router (conf ig-subif ) #ip address 10.1.1.1 255.255.255.0 

Router (conf ig-subif ) #ip policy route-map Traf f icToLef tS 

Router ( conf ig-subif ) #exit 

Router (conf ig) #interf ace fastEthernet 0/0.2 

Router ( conf ig-subif ) #encapsulation dotlQ 2 

Router (conf ig-subif ) #ip address 10.1.2.1 255.255.255.0 

Router (conf ig-subif ) #ip policy route-map Traf f icFromRightS 

Router ( conf ig-subif ) #exit 

Router (conf ig) #interf ace fastEthernet 0/0.3 

Router (conf ig-subif ) #encapsulation dotlQ 3 

Router (conf ig-subif ) #ip address 10.1.3.1 255.255.255.0 

Router ( conf ig-subif ) #exit 

Router (conf ig) #access-list 101 permit tcp any 10.0.2.2 255.255.255.255 
Router (conf ig) #access-list 201 permit tcp 10.1.2.2 255.255.255.255 any 
Router ( conf ig) #route-map Traf f icToLef tS permit 10 
Router (conf ig-route-map) #match ip address 101 
Router (conf ig-route-map) #set ip next-hop 10.1.3.2 
Router (conf ig-route-map) #exit 
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Router (config) #route-map Traf f icFromRightS permit 10 
Router ( conf ig-route-map ) #match ip address 201 
Router (conf ig-route-map) (set ip next-hop 10.1.3.2 
Router (conf ig-route-map) tend 
Router* 



Troubleshooting 

On Cisco routers with a recent IOS version, the PBR Support for Multiple 
Tracking Options feature allows the router to check if a machine is still 
functioning. This feature can detect if the HP EFS WAN Accelerator is up and, 
if not, to stop redirecting the traffic to it. 

You can use the following methods to check an HP EFS WAN Accelerator: 

♦ ICMP ping reachability to a remote device. 

♦ Application running on a remote device (for example, the device 
responds to an HTTP GET request). 

♦ A route exists in the Routing Information Base (RIB) (for example, policy 
route only if 10.2.2.0/24 is in the RIB). 

♦ Interface state (for example, packets received on E0 should be policy 
routed out El only if E2 is down). 
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Configuring RADIUS and 
TACACS Servers 



In This Appendix This appendix describes how to configure Remote Authentication Dial-In User 

Service (RADIUS) or Terminal Access Controller Access Control System 
(TACACS) servers for the HP EFS WAN Accelerator. It contains the following 
sections: 

♦ "Overview," next 

♦ "Configuring a RADIUS Server" on page 129 

♦ "Configuring a TACACS+ Server" on page 130 

This appendix assumes you are familiar with RADIUS and TACACS 
authentication methods. 



Overview 

The HP EFS WAN Accelerator can use a RADIUS or TACACS+ authentication 
system for logging in administrative and monitor users. The following 
methods for user authentication are provided with the HP EFS WAN 
Accelerator: 

♦ local 

♦ radius 

♦ tacacs+ 

The order in which authentication is attempted is based on the order specified 
in the AAA authentication method list. The local value must always be 
specified somewhere in the method list. The CLI command set is a subset of 
the commands from the Cisco CLI. 

The authentication methods list provides backup methods if a method fails to 
authenticate a user. Failure is defined as no response for the method. If a deny 
is received from the method being tried, no other methods are attempted. 
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The HP EFS WAN Accelerator does not have the ability to set a per interface 
authentication policy. The same authentication method list is used for all 
interfaces (that is, default). You cannot configure authentication methods with 
subsets of the RADIUS or TACACS+ servers specified (that is, there are no 
server groups). 

The following CLI commands are available for RADIUS and TACACS+ 
authentication: 

♦ Authentication 

♦ "aaa authentication login default" on page 53 

♦ "aaa authorization map default-user" on page 54 

♦ "aaa authorization map order" on page 54 

♦ "show authentication method" on page 29 

♦ RADIUS Configuration 

♦ "radius-server host" on page 88 

♦ "radius-server key" on page 89 

♦ "radius-server retransmit" on page 90 

♦ "radius-server timeout" on page 90 

♦ TACACS+ Configuration 

♦ "tacacs-server host" on page 96 

♦ "tacacs-server key" on page 97 

♦ "tacacs-server retransmit" on page 97 

♦ "tacacs-server timeout" on page 97 

♦ "show tacacs" on page 44 

♦ User Accounts 

♦ "username privilege" on page 101 

♦ "username nopassword" on page 98 

♦ "username password" on page 99 

♦ "username password 0" on page 99 

♦ "username password 7" on page 99 

♦ "username password cleartext" on page 100 

♦ "username password encrypted" on page 100 

♦ "username disable" on page 98 
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Configuring a RADIUS Server 



You can, on a per user basis, specify a different local account mapping by using 
a vendor specific attribute. These instructions describe how to configure the 
FreeRADIUS server to return an attribute (which specifies the local user 
account as an ASCII string). The file paths shown are the defaults. If the 
RADIUS server installation has been customized, the paths might differ. 

The directory /usr/local/share/freeradius is where the dictionary files are 
stored. This is where various RADIUS attributes can be defined. Assuming the 
vendor has no established dictionary file in the FreeRADIUS distribution, you 
begin the process by creating a file called: dictionary. <vendor>. 

The contents of this file define a vendor identifier (which should be the SMI 
Network Management Private Enterprise Code of the Vendor), and the 
definitions for any vendor specific attributes. 

In the following example the Vendor Enterprise Number for HP is 17613 and 
the Enterprise Local User Name Attribute is 1. These numbers specify that a 
given user is an admin or monitor user in the RADIUS server (instead of using 
the HP EFS WAN Accelerators default for users not named admin and 
monitor). 

These instruction assume you are running FreeRADIUS, v. 1.0 which is 
available for download from http://www.freeradius. org. 

To install FreeRADIUS 1. Download FreeRadius from http://www.freeradius.org. 
on a Linux computer 

2. At your system prompt, enter the following set of commands: 

>tar xvzf f reeradius-$VERSION. tar . gz 
>cd f reeradius-$VERSION 
> . /configure 
>make 

>make install #as root 

1. In a text editor, open the /usr/local/etc/raddb/clients.conf file. 

2. To create the key for the RADIUS server, add the following text to the 
clients.conf file: 

client 10.0.0.0/16 { 

secret = testradius 
shortname = main-network 
nastype = other 

} 

3. In a text editor, create a /usr/local/share/freeradius/dictionary.rbt file for 
HP. 

4. Add the following text to the dictionary.rbt file. 

VENDOR RBT 17163 

ATTRIBUTE Local-User 1 string 
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5. Add the following line to the /usr/local/share/freeradius/dictionary: 



$INCLUDE dictionary. rbt 

6. Add users to the Radius server by editing the /usr/local/etc/raddb/users 
file. For example: 

"admin" Auth-Type := Local, User-Password == "radadmin" 

Reply-Message = "Hello, %u" 
"monitor" Auth-Type := Local, User-Password == "radmonitor" 

Reply-Message = "Hello, %u" 
"raduser" Auth-Type := Local, User-Password == "radpass" 

Local-User = "monitor", Reply-Message = "Hello, %u" 

7. Start the server using /usr/local/sbin/radiusd. Use the -X option if you 
want to debug the server. 



NOTE: The raduser is the monitor user as specified by Local, User. 



Configuring a TACACS+ Server 

The following section assumes you are running TACACS+ authentication 
system. 

The TACACS+ Local User Service is rbt-exec. The Local User Name Attribute 
is local-user-name. This attribute controls whether a user who is not named 
admin or monitor is an administrator or monitor user (instead of using the HP 
EFS WAN Accelerator default). For the HP EFS WAN Accelerator, the users 
listed in the TACACS+ server must have PAP authentication enabled. 

The following procedures install the free TACACS+ server on a Linux 
computer. Cisco Secure can be used as a TACACS+ server. There is also a free 
TACACS+ server. 

To download 1. Download TACACS+ from: 

TACACS+ http://www.gazi.edu.tr/tacacs/get.php?src=tac_plus_v9a.tar.gz. 

2. At your system prompt, enter the following set of commands: 

>tar xvzf tac_plus_v9a . tar . gz 
>cd tac_plus_v9a 
> . /configure 

3. In a text editor, open the Makefile and uncomment the 0S=-DLINUX line 
(or other lines appropriate for the operating system of the host). 

4. On Linux, in a text editor open the tac_plus.h file and uncomment the 

#define CONST_SYSERRLIST line. 
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5. At the system prompt, enter: 

>make tac_plus 



6. As the root user, enter the following command: 




>make install 



7. To add users to the TACACS server edit the /usr/local/etc/tac_plus.conf 
file. For example: 



key = testtacacs 
user = admin { 

pap = cleartext "tacadmin" 
user = monitor { 

pap = cleartext "tacmonitor" 
user = tacuser { 



pap = cleartext "tacpass" 
service = rbt-exec { 



local-user-name = "monitor 

} 



The tacuser is a monitor user as specified by local-user-name. 



NOTE: The chap, opap, and arap variables can be specified in a similar manner, but 
only pap is needed. 



8. Start the server by executing: 

>/usr/local/sbin/tac_plus -C /usr /local /etc/ tac_plus . conf 
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HP EFS WAN Accelerator Ports 



In This Appendix This appendix describes the HP EFS WAN Accelerator default and supported 

secure ports. It contains the following sections: 

♦ "Default Ports," next 

♦ "Commonly Optimized Ports" on page 133 

♦ "Interactive Ports Automatically Forwarded by the HP EFS WAN 
Accelerator" on page 134 

♦ "Secure Ports Automatically Forwarded by the HP EFS WAN 
Accelerator" on page 134 



Default Ports 

The HP EFS WAN Accelerator uses the following default ports. 

♦ In-path Listening Port: 7800 

♦ Out-of-Path Server Port: 7810 

♦ Failover Port: 7820 

♦ Exchange Port: 7830 



Commonly Optimized Ports 

The HP EFS WAN Accelerator by default optimizes all ports. If you do not 
want the HP EFS WAN Accelerator to optimize all ports for an in-path or out- 
of path configuration, you can specify specific ports for optimization. 

Although these ports can vary according to your requirements, the following 
ports are commonly specified for in-path and out-of-path configurations: 

♦ 80 

♦ 135 

♦ 139 
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♦ 445 

♦ 7830 



Interactive Ports Automatically Forwarded 
by the HP EFS WAN Accelerator 



The following interactive ports are automatically forwarded by the HP EFS 
WAN Accelerator by the HP EFS WAN Accelerator when you enable 
forwarding of interactive ports in the Mangement Console. 



Port 


Description 


7 


TCP ECHO 


23 


Telnet 


37 


UDP/Time 


107 


Remote Telnet Service 


513 


Remote Login 


514 


Shell 


3389 


MS WBT Server, TS/Remote Desktop 


5631 


PC Anywhere 


5900-5903 


VNC 


6000 


Xll 



For detailed information about the in-path forward interactive command, see 
"in-path forward interactive" on page 71. 



For detailed information about how to set interactive port forwarding, see the 

HP StorageWorks Enterprise File Services WAN Accelerator Management Console 
User's Guide. 



Secure Ports Automatically Forwarded 
by the HP EFS WAN Accelerator 

The following tables contain the secure ports that are automatically forwarded 
by the HP EFS WAN Accelerator when you enable forwarding of secure ports 
in the Mangement Console. 

For detailed information about the in-path forward secure command, see "in- 
path forward secure" on page 72. 
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For detailed information about how to enable forwarding of secure ports, see 
the HP StorageWorks Enterprise File Services WAN Accelerator Management 
Console User's Guide. 



Tvpe 


Port 


Description 


ssh 


zz / tcp 


SSH Remote Login Protocol 


nttps 


/ tcp 


http protocol over TLS/SSL 


smtps 


*±OD / tcp 


if JLVL 1 1 Over DDL ^ 1 ) 


nntps 


000/ tcp 


nntp protocol over TLS/SSL (was snntp) 


imap4-ssl 


DoD/ tcp 


iivi/\i ^-t-cfoL ^use yyo msteaci^ 


sshell 


£1 A I f /- 1~, 
01^/ tcp 




ldaps 


oau/ tcp 


ldap protocol over TLS/SSL (was sldap) 


ftps-data 


VoV / tcp 


ftp protocol, data, over TLS/SSL 


itps 


QQA /f^r> 

yy\J / tcp 


ftp protocol, control, over TLS/SSL 


telnets 


992/tcp 


telnet protocol over TLS/SSL 


imaps 


993/tcp 


imap4 protocol over TLS/SSL 


pop3s 


995/tcp 


pop3 protocol over TLS/SSL (was spop3) 


12tp 


1701 /tcp 


12tp 


pptp 


1723/tcp 


pptp 


tftps 


3713/tcp 


TFTP over TLS 


The following table contains the uncommon ports automatically forwarded by 
the HP EFS WAN Accelerator. 


Type 


Port 


Description 


nsiiops 


261 /tcp 


HOP Name Service over TLS/SSL 


ddm-ssl 


448/tcp 


DDM-Remote DB Access Using Secure Sockets 


corba-iiop-ssl 


684/tcp 


CORBA HOP SSL 


ieee-mms-ssl 


695/tcp 


IEEE-MMS-SSL 


ires 


994/tcp 


ire protocol over TLS/SSL 


njenet-ssl 


2252/tcp 


NJENET using SSL 


ssm-cssps 


2478/tcp 


SecurSight Authentication Server (SSL) 


ssm-els 


2479/tcp 


SecurSight Event Logging Server (SSL) 


giop-ssl 


2482/tcp 


Oracle GIOP SSL 


ttc-ssl 


2484/tcp 


Oracle TTC SSL 


syncserverssl 


2679/tcp 


Sync Server SSL 


dicom-tls 


2762/tcp 


DICOM TLS 


realsecure 


2998/tcp 


Real Secure 
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Type 


Port 


Description 


orbix-loc-ssl 


3077/tcp 


Orbix 2000 Locator SSL 


orbix-cfg-ssl 


3078/tcp 


Orbix 2000 Locator SSL 


cops-tls 


3183/tcp 


COPS/TLS 


csvr-sslproxy 


3191 /tq> 


ConServR SSL Proxy 


xnm-ssl 


3220/tcp 


XML NM over SSL 


msft-gc-ssl 


3269/tcp 


Microsoft Global Catalog with LDAP/SSL 


networklenss 


3410/tcp 


NetworkLens SSL Event 


xtrms 


3424/tcp 


xTrade over TLS/SSL 


jt400-ssl 


3471 /tcp 


jt400-ssl 


seclayer-tls 


3496/tcp 


securitylayer over tls 


vt-ssl 


3509/tcp 


Virtual Token SSL Port 


jboss-iiop-ssl 


3529/tcp 


JBoss IIOP/SSL 


ibm-diradm-ssl 


3539/tcp 


IBM Directory Server SSL 


can-nds-ssl 


3660/tcp 


Candle Directory Services using SSL 


can-ferret-ssl 


3661 /tcp 


Candle Directory Services using SSL 


linktest-s 


3747/tcp 


LXPRO.COM LinkTest SSL 


asap-tcp-tls 


3864/tcp 


asap/tls tcp port 


topflow-ssl 


3885/tcp 


TopFlow SSL 


sdo-tls 


3896/tcp 


Simple Distributed Objects over TLS 


sdo-ssh 


3897/tcp 


Simple Distributed Objects over SSH 


iss-mgmt-ssl 


3995/tcp 


ISS Management Svcs SSL 


suucp 


4031 /tcp 


UUCP over SSL 


wsm-server-ssl 


5007/tcp 


wsm server ssl 


sip-tls 


5061 /tcp 


SIP-TLS 


imqtunnels 


7674/tcp 


iMQ SSL tunnel 


davsrcs 


9802/tcp 


WebDAV Source TLS/SSL 


intrepid-ssl 


11751/tcp 


Intrepid SSL 


rets-ssl 


12109/tcp 


RETS over SSL 
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Glossary 



ARP. Address Resolution Protocol. An IP protocol used to obtain a node's 
physical address. 

Bandwidth. The upper limit on the amount of data, typically in kilobits per 
second (kbps), that can pass through a network connection. Greater 
bandwidth indicates faster data transfer capability. 

Bit. A Binary digit. The smallest unit of information handled by a computer; 
either 1 or 0 in the binary number system. 

Blade. One component in a system that is designed to accept some number of 
components (blades). 

CIFS. Common Internet File System. CIFS is the remote file system access 
protocol used by Windows servers and clients to share files across the 
network. 

Default gateway. The default address of a network or web site. It provides a 
single domain name and point of entry to the network or site. 

DHCP. Dynamic Host Configuration Protocol. Software that automatically 
assigns IP addresses to client stations logging onto a TCP/IP network. 

Domain. In the Internet, a portion of the Domain Name Service (DNS) that 
refers to groupings of networks based on the type of organization or 
geography. 

DNS. Domain Name Service. System used in the Internet for translating 
names of network nodes into IP addresses. A Domain Name Server notifies 
hosts of other host IP addresses, associating host names with IP addresses. 

Ethernet. The most widely used Local Area Network (LAN) access method. 

Gateway. A computer that acts as an intermediate device two or more 
networks that use the same protocols. The gateway functions as an entry and 
exit point to the network. Transport protocol conversion might not be 
required, but some form of processing is typically performed. 
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Gigabit Ethernet. An Ethernet technology that raises transmission speed to 
1 Gbps (1000 Mbps). 

Host. A computer or other computing device that resides on a network. 

Host address. The IP address assigned to each computer attached to the 
network. 

Host name. Name given to a computer, usually by DNS. 

HTTP. HyperText Transport Protocol. The protocol used by web browsers to 
communicate with web servers. 

Interface. The point at which a connection is made between two elements, 
systems, or devices so that they can communicate with one another. 

Internet. The collection of networks tied together to provide a global network 
that use the TCP/IP suite of protocols. 

IP. Internet protocol. Network layer protocol in the TCP/IP stack that enables 
a connectionless internetwork service. 

IP address. In IP version 4 (IPv4), a 32-bit address assigned to hosts using the 
IP protocol. Also called an Internet address. 

Latency. Delay between a request being issued and its response being 
received. 

Layer-4. A communications protocol (called the transport layer) responsible 
for establishing a connection and ensuring that all data has arrived safely. The 
application delivers its data to the communications system by passing a 
stream of data bytes to the transport layer along with the socket (the IP address 
of the station and a port number) of the destination machine. 

MAPI. Messaging API. A programming interface from Microsoft that enables 
a client application to send and receive mail from Exchange Server or a 
Microsoft Mail (MS Mail) messaging system. Microsoft applications such as 
Outlook, the Exchange client, and Microsoft Schedule use MAPI. 

Microsoft Exchange. Messaging and groupware software for Windows from 
Microsoft. The Exchange server is an Internet-compliant messaging system 
that runs under Windows systems and can be accessed by web browsers, the 
Windows Inbox, Exchange client or Outlook. The Exchange server is also a 
storage system that can hold anything that needs to be shared. 

Netmask. A 32-bit mask which shows how an Internet address is divided into 
network, subnet, and host parts. The netmask has ones in the bit positions in 
the 32-bit address which are used for the network and subnet parts, and zeros 
for the host part. The mask must contain at least the standard network portion 
(as determined by the class of the address), and the subnet field should be 
contiguous with the network portion. 

NFS. Network File System. The file sharing protocol in a UNIX network. 
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NIS. Network Information Services. A naming service from that allows 
resources to be easily added, deleted or relocated. 

Packet. A unit of information transmitted, as a whole, from one device to 
another on a network. 

Probe. A small utility program that is used to investigate, or test, the status of 
a system, network or web site. 

Policy. Routing and Quality of Service (QoS) scheme that forwards data 
packets to network interfaces based on user-configured parameters. 

Port. A pathway into and out of the computer or a network device such as a 
hub, switch, or router. On network devices, the ports are for communications, 
typically connecting Ethernet cables or other network devices. 

Router. A device that forwards data packets from one LAN or WAN to 
another. Based on routing tables and routing protocols, routers read the 
network address in each transmitted frame and make a decision on how to 
send it based on the most expedient route (traffic load, line costs, speed, bad 
lines, etc.). Routers work at Layer-3 in the protocol stack, whereas bridges and 
switches work at the Layer-2. 

SNMP. Simple Network Management Protocol. A network protocol that 
provides a way to monitor network devices, performance, and security and to 
manage configurations and collect statistics. 

Switch. A network device that filters and forwards frames based on the 
destination address of each frame. The switch operates at Layer-2 (data link 
layer) of the Open System Interconnection (OSI) model. 

TCP. Transmission Control Protocol. The error correcting Transport layer 
(Layer-4) in the TCP/IP protocol suite. 

TCP/IP. Transmission Control Protocol /Internet Protocol. The protocol suite 
used in the Internet, intranets, and extranets. TCP provides transport 
functions, which ensures that the total amount of bytes sent is received 
correctly at the other end. TCP/IP is a routable protocol, and the IP part of 
TCP/IP provides this capability. 
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